Views: 307
Last Modified: 02.09.2024
Important! Before issuing the Let’s Encrypt certificate, make sure that you have
created a site at the host (also available from the Internet), to which the certificate is issued, as well as that DNS settings for DNS hoster and registrator for this domain are configured correctly. Otherwise the certificate won't be issued. Plus, there is a limit – 5 errors for certificate issue per hour and per account for one domain.
The following is required to create the Let’s Encrypt SSL certificate:
- Go to menu 8. Manage web nodes in the pool > 2. Configure certificates:
- Select item 1. Configure "Let's encrypt" certificate and enter the following:
- Enter site name – single or several site name(-s) to issue Let's encrypt certificate(-s) (in this example: example.org)
- Enter Domain(s) – all domains for this site to be issued with certificate, including domains within or without "www"; enter several domains as comma-separated
- Enter email for "Let's encrypt" notifications – mail address for Let's Encrypt service notifications and confirm the selected option:
- The wizard itself will request and install the certificate within several minutes. Paths of SSL certificates will be specified in the same section.
It is easy to check the issued certificate – just go to your site via https protocol and the valid certificate will have a green coloured 'lock' icon.
Certificate validity period is 90 days. Certificate re-issuing is launched automatically, approx. one month prior to its expiration.
Manual update
BitrixVA 9.0.0 automatically checks certificate validity on a weekly basis at 2 AM as per cron.
If you need to manually update the certificate, initiate its retrieval for existing domain. System will check for it and update certificates accordingly, if required.
You can also execute the command manually:
/home/bitrix/dehydrated/dehydrated -c
System will check validity periods and will launch update if required.
Update log can be viewed at: /home/bitrix/dehydrated_update.log.
Important! Lets Encrypt service has limits for issuing certificates. The main ones are as follows:
- Issue of 50 certificates per week for domains (from registration for registered domains, subdomains are not included).
- If you have a lot of subdomains, all subdomains can be specified in a single certificate. However, there is a limit of 100 subdomains per single certificate.
- Five errors per 1 hour of certificate issue per account for one domain (host is unavailable, records in domain DNS are not specified and etc.).
- HTTP-01 validation is performed only via port 80. In case this port is closed (for example, by a provider), then certification won't be re-issued.
Please, find additional details about limits of Let’s Encrypt in this Rate Limits article.