To generate a certificate using Let’s Encrypt®, you need to configure the generic Let’s Encrypt® settings first. If you haven’t done this yet, a button displaying Set up Let’s Encrypt® options first will appear. Clicking on it will redirect you to the relevant page. For detailed instructions on setting up Let’s Encrypt®, please refer to the How to Configure Let’s Encrypt® section.
Once the Let’s Encrypt® options are set up, click on the Generate new button. A new dialog will ask you to enter applicable hostnames for the new certificate. This field is mandatory and cannot be left empty.
- Path to file: Enter the complete path to the file in PEM format containing the private key in the Private
key field. Please be advised that sometimes both the private key and the certificate chain are combined
into a single file. In such cases, enter the path to the same file in both fields. The file must be located on
the server. - Rawdata: Enter the certificate in PEM format either by manually inputting it or by selecting a local file
from the machine where the Administration interface is running. - PKCS#11 URL: Enter the PKCS#11 URL that specifies the location of your private key. This URL points
to the exact location of your private key within the Hardware Security Module (HSM) or the device
where your private key is stored.
You can either let the server generate a private key for you by leaving the default option Generated by the server, or you select the Provided option to provide one. If you select the Provided option, there are three ways to provide the private key:
Note: to prevent automatic renewal of the Let’s Encrypt certificate (which is the default setting), uncheck the Automatically try to renew the certificate in due time checkbox located in Protocol Settings › FTP and FTPover TLS (FTPS) › Connection Security tab.
Note: To use a newly chosen certificate you must either click the Apply or OK button at the bottom of the settings dialog.
Related Topics: