TLS termination using Let’s Encrypt

As you know, Otoroshi is capable of doing TLS termination for your services. You can import your own certificates, generate certificates from scratch, or use the ACME protocol to generate certificates. One of the most popular services offering ACME certificate creation is Let’s Encrypt.

Warning

For this tutorial to work, your Otoroshi instance MUST be accessible from the internet so that the Let’s Encrypt ACME process can reach it. Also, the domain name used for the certificates MUST be configured at your DNS provider to reach your Otoroshi instance.

Note

This tutorial can work with any ACME provider under the same rules: your Otoroshi instance MUST be accessible by the ACME process. Also, the domain name used for the certificates MUST be configured at your DNS provider to reach your Otoroshi instance.

Set up Let’s Encrypt on Otoroshi

Go to the Danger Zone page by clicking on the cog icon / Danger Zone. Scroll to the Let's Encrypt settings section. Enable it, and specify the address of the ACME server: for production Let’s Encrypt it’s acme://letsencrypt.org, and for testing it’s acme://letsencrypt.org/staging. Any ACME server address should work. You can also add one or more email addresses or contact URLs that will be included in your Let’s Encrypt account. You don’t have to fill in the public/private key inputs, as they will be generated automatically on first use.

Creating a Let’s Encrypt certificate from FQDNs

You can go to the certificates page by clicking on the cog icon / SSL/TLS Certificates. Here, click on the + Let's Encrypt certificate button. A popup will ask you for the FQDN that you want for your certificate. Once done, click on the Create button. A few moments later, you will be redirected to a brand new certificate generated by Let’s Encrypt. You can now enjoy accessing your service behind the FQDN with TLS.

Creating a Let’s Encrypt certificate from a service

You can go to any service page and enable the flag Issue Let's Encrypt cert. Do not forget to save your service. A few moments later, the certificates will be available in the certificates page and you will be able to enjoy accessing your service with TLS.
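Whichever way the certificate was requested (from FQDNs or from a service), it is worth confirming what is actually served for the FQDN afterwards. The following is an added example, not part of Otoroshi or its documentation: a small Python check of SAN coverage, issuer and remaining lifetime. The function names, the 20-day threshold, and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(fqdn, port=443, timeout=5.0):
    """Fetch the certificate served for fqdn over a fully verified handshake."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

def flatten(name):
    # getpeercert() encodes a name as a tuple of RDNs, each a tuple of pairs.
    return {key: value for rdn in name for key, value in rdn}

def covers(pattern, fqdn):
    pattern, fqdn = pattern.lower(), fqdn.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        return "." in fqdn and fqdn.split(".", 1)[1] == pattern[2:]
    return pattern == fqdn

def check_cert(cert, fqdn, now=None, issuer_org="Let's Encrypt", min_days=20):
    """Return a list of problems; an empty list means the certificate is fine."""
    now = now or datetime.now(timezone.utc)
    problems = []
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(covers(p, fqdn) for p in sans):
        problems.append(f"{fqdn} is not covered by SAN entries {sans}")
    org = flatten(cert.get("issuer", ())).get("organizationName", "")
    if org != issuer_org:  # pass another issuer_org for a different ACME provider
        problems.append(f"issuer is {org!r}, expected {issuer_org!r}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if days_left < min_days:  # min_days is an arbitrary example threshold
        problems.append(f"expires in {days_left} days")
    return problems

# Constructed sample in the shape returned by getpeercert(); not a real certificate.
SAMPLE = {
    "subjectAltName": (("DNS", "api.example.com"),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}

if __name__ == "__main__":
    print(check_cert(SAMPLE, "api.example.com",
                     now=datetime(2025, 4, 1, tzinfo=timezone.utc)))
```

Against a live instance, call `check_cert(fetch_cert(fqdn), fqdn)`. A certificate issued through the staging address fails the handshake inside `fetch_cert` with `ssl.SSLCertVerificationError`, because the staging CA is not in public trust stores.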