Showing results for 
Search instead for 
Did you mean: 

Certbot/LetsEncrypt certificate support

Certbot/LetsEncrypt certificate support

Any chance of getting this built-in and controllable via the cnMaestro webUI?


From the console, all that is needed is:

add-apt-repository ppa:certbot/certbot
apt-get install python-certbot-nginx
certbot --nginx -d

Then run "certbot renew" via cron once a day, it will renew the 90-day certificate automatically when it nears expiration.  (obviously the FQDN in the third line above has to reach the server)


A simple dialog to create a new cert would only need the FQDN from the admin, then it could request a new certificate and automatically renew without any further intervention... (and without being overwritten every time there's an update, hopefully)


With the python-certbot-nginx package (and its dependancies) installed then it just takes "certbot --nginx -d host.domain.tld" and it will handle the entire process of signing a request, requesting a certificate, confirming control of host.domain.tld, retrieving the signed certificate, and installing it. (might need "--agree-tos" as well to run non-interactively, haven't checked) After than running "certbot renew" periodically will check if the certificate is nearing expiration and renew when needed.  (90-day expirations IIRC)


So from a WebUI perspective we'd just need to specify or approve the FQDN and turn it loose and it could handle everything from then on.  (assuming "certbot renew" is set up in a cronjob)


Certbot is a support program from (Electronic Frontier Foundation) while the certificates are issued by and trusted by every browser I've tried.  (Mozilla and Chrome are among their sponsors)


If we already have a wildcard certificate or have paid for one specific to the cnMaestro on-premises FQDN then the UI to install them is great, but if we're going to request a new certificate for this host then I'd prefer LetsEncrypt for the automation and the free certificates.




+1! This is already pretty easy from the command line - it can't be too hard to add it to the WebUI, can it?

Community Manager
Status changed to: Under Consideration