I’ll second this. It would be nice to have an easy, automated way to add and renew LetsEncrypt SSL certs to Peplink/Pepwave routers. (Old thread, I know, but this seems to be the only result when searching for LetsEncrypt.)
OK, here’s the third vote.
We have several applications/clients where we cannot use Peplink devices because of the certificate issue.
Fourth vote.
To cover as many use cases as possible, we should be able to create a CSR on Balance/MAX/MediaFast/Surf routers for use on the router, as well as being able to add/manage additional domains/subdomains for APs & other downstream devices. APs should have the ability to create/manage their own CSR independently of a controller (Balance or IC2) if necessary. Finally, CSRs could also be created/managed in IC2 and pushed out to all or some devices.
This was submitted to the product team. They will take into the consideration.
Thanks for the feature request.
Is this feature now available somehow? Today when I logged into incontrol there was a pop-up that I think discussed using letsencrypt.org . But I didn’t pay attention figuring that I can find it again after I do other things. But now I can not find any documentation except this thread. So was this just a dream, or really there is a simple way to use letsencrypt.org? (I have a Balance One Core if it matters)
Thanks! – C
This feature is under development. Stay tuned.
Any news? Thanks! – C
@TK_Liew: Will we be able to configure/use this important feature without IC2? [Please tell me yes. ]
or with ICA …
OK, that greatly reduces the value of the product to us but I very much appreciate you letting me know!
I don’t want to enable “Find My Peplink Service”.
I do only want a cert for our hostname (and a RFC6844/CAA RR # 257 in Peplink device DNS resource records).
Hi,
The Let’sencrypt functionnality does not seem to be compatible with ICVA and private domains. Anything we can do in our config to push it? Seems to be by default linked to peplink.com domains.
Thanks !
The letsencrypt feature ties to the Find My Peplink service. IC2/ICA could only request letsencrypt to sign domains that are managed by the Find My Peplink service (i.e. something.mypep.link for IC2).
In ICA 2.4.2-1, the letsencrypt functionality is not totally ready. It shall be fixed in the coming IC 2.5.2. But even so, you have to make sure the Find My Peplink DDNS service is well configured. Devices’ DDNS host names are resolvable from the Internet. Otherwise, the system still cannot acquire a signed cert from letsencrypt.
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
Validity
Not Before: Jan 21 22:00:08 2018 GMT
Not After : Apr 21 22:00:08 2018 GMT
Subject: CN=homehub.mypep.link
Thats my certificate currently in my Peplink Balance One on April 22… so as you can assume it clearly expired and has not renewed with a ugly red https… My incontrol2 account is fully active and working fine so no clue why its not renewing… Help Me… i am missing my green https.
edit: Manage Web Admin SSL Certificate is selected also so no clue whats happening.
We identified some letsencrypt system change breaks our implementation. We will try to fix the issue in this week.
Hi tiqster, the issue has been resolved. But unfortunately the letsencrypt system refuses to sign a cert for homehub.mypep.link
until May 1. You will have to wait until May 1, or change your Find My Peplink address to something else.
I guess i can change it to something else until May 1st then change it back. Thanks
Changed my find my peplink address and it still shows as the old one on my device. How long does it take for incontrol2 to talk to my device… its been more than 40 minutes since i made the change.