LetsEncrypt is a certificate authority that offers free SSL certificates that you can use for the custom domain name of your DEAR B2B Portal. There are other certificate authorities that you can use, but LetsEncrypt not only offers free SSL certificates but makes certificate generation easy.
Before generating a free SSL certificate, you need to bind a custom domain name to your DEAR B2B portal. For more information, see Binding a custom domain name to your DEAR B2B Portal.
NOTE: The instructions in this article assume that you have a basic understanding of Linux usage/commands and shell access to an Ubuntu Linux web server. If you do not have shell access (or something similar) to your web server, your hosting provider might be able to assist you in generating a SSL certificate for the custom domain name of your DEAR B2B Portal.
To generate a LetsEncrypt SSL certificate, follow the steps below.
- Log on to your web server from any computer.
ssh [user]@[server-address] su
- Install Certbot in usr/bin/certbot.
apt-get install software-properties-common add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot
- Stop any running instance on the web server.
- Generate the SSL certificate using the subdomain name as the certificate name.
cd [certbot directory] ## /usr/bin service apache2 stop ./certbot certonly --standalone -d [subdomain.domain.tld] service apache2 start
- Navigate to the directory where the certificate was saved.
- Convert the certificate to PFX format.
openssl pkcs12 -export -out [subdomain.domain.tld].pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
- Enter a passphrase for the certificate. You will need this passphrase when uploading the certificate to DEAR.
Enter Export Password: [passphrase-you-create-here] Verifying - Enter Export Password: [passphrase-you-create-here]
- Copy the certificate to a downloadable location on the server. This is to ensure that you can download the certificate via secure FTP or some other protocol.
cp -p /etc/letsencrypt/live/[subdomain.domain.tld].pfx /home/[user] cd /home/[user] chown [user] /home/[user]/[subdomain.domain.tld].pfx
- Open a new terminal and copy the certificate to your computer.
cd ~/Downloads/ scp [user]@[server-address]:/home/[user]/[subdomain.domain.tld].pfx . [user-password] or [ssh-key] ls -al | grep .pfx
- Log on to your domain registrar account and change the DNS CNAME in your DNS Zone records in the following format:
[subdomain.domain.tld] CNAME [subdomain].dearportal.com.
- Wait until the DNS CNAME TTL times out.
- Upload the certificate to DEAR B2B Portal by going to to https://inventory.dearsystems.com/Portal, then creating a new portal configuration.
- Under the Custom Domain for portal section, set the following:
Custom Domain Name (URL): [subdomain.domain.tld] SSL Certificate file: Choose File ~/Downloads/[subdomain.domain.tld].pfx SSL Certificate password: [passphrase-you-create-here]
- Click Set Custom Domain.
- On the terminal that you opened in Step 9, test the certificate.
curl -svo /dev/null https://[subdomain.domain.tld] --tlsv1.2
- Delete the certificate.
rm -rf ~/Downloads/[subdomain.domain.tld].pfx
In a browser, go to http://[subdomain.domain.tld] and check that the DEAR B2B Portal is active with the free LetsEncrypt SSL Certificate.
IMPORTANT! LetsEncrypt SSL certificates expire after 90 days. To ensure that the SSL certificate for your custom domain does not expire after that period, set a CRON job on the server to automatically renew the SSL certificate every 90 days, and set an email reminder to manually upload the regenerated SSL certificate back to DEAR.