Generate or renew my own SSL certificates
Last updated
Was this helpful?
Last updated
Was this helpful?
By default, Link11 supports communication between customer backends and .
When a backend system requests a new or renewed certificate from LE, Let's Encrypt responds initially with a challenge. Because Link11 WAAP is a proxy for the backend, this challenge will be sent to L11WAAP.
Under normal circumstances, L11WAAP will forward this to the customer system. If this is not occurring, something in L11WAAP's default configuration might have been changed.
To correct this, perform the following two-step process.
Confirm that there is a named Let's Encrypt Requests.
Confirm that this Filter:
is in
will add a tag of let-s-encrypt
has an of monitor (tag only)
contains a single entry, with Category set to URI and Match set to ^/\.well-known/(acme-challenge|rbz-traffic)/[A-Za-z0-9_-]+$
If any edits were performed as a result of the above, save them and .
The Global Filter described above will add a tag of let-s-encrypt to challenges from LE.
To ensure that this traffic is passed through L11WAAP to the customer backend:
After all Profiles have been checked, publish the changes (if any were made).
If the process above is followed, and Let's Encrypt traffic is still being blocked by L11 WAAP, check the LE requests in the Events Log to discover the reason(s) for this.
Ensure that this tag is in the in every Content Filter Profile. During this process, if a Profile is edited, ensure that the changes are saved.
Note that the passthrough of Let's Encrypt requests does not occur until the Content Filtering stage of the . This means that several stages of filtering are still performed before the passthrough can occur. If legitimate requests from Let's Encrypt are tagged with let-s-encrypt but are still being blocked, use the Events Log entries to determine the source of the blocking action, and then correct the security settings that are responsible for this.
Feel free to for assistance with any part of the process described above.