...
Note that the DNS name must point to the router and port TCP/80 must be available from the WAN. If the dns-name is not specified, it will default to the automatically generated /ip cloud name (ie. http://example.sn.mynetname.net)
Different acme servers
Support has been added starting from 7.15beta7, you can use not only Let's Encrypt certificate service, but any other you like.
Server properties
| Property | Description |
|---|---|
| directory-url (string) | ACME directory url. |
| eab-hmac-key (string) | HMAC key for ACME External Account Binding (optional). |
| eab-kid (string) | Key identifier (optional). |
Example:
| Code Block | ||
|---|---|---|
| ||
/certificate/enable-ssl-certificate directory-url=https://acme.zerossl.com/v2/DV90 dns-name=mydomain.abc eab-hmac-key=4ac7xuxAdV4mIncwIIEhLjExsFZ4v1rWgDkX4SKXD25pMVtF85GZJYSF8UKXUOjzSr2g3-v4lhL57NHFaQ42Ff eab-kid=GHWaP2_Ghx73vcU8ricAKU |
SCEP
SCEP is using HTTP protocol and base64 encoded GET requests. Most of the requests are without authentication and cipher, however, important ones can be protected if necessary (ciphered or signed using a received public key).
...
SCEP certificates are renewed when 3/4 of their validity time has passed.
Different acme servers
Support has been added starting from 7.15beta7, you can use not only Let's Encrypt certificate service, but any other you like.
Server properties
...
...
| Code Block | ||
|---|---|---|
| ||
/certificate/enable-ssl-certificate directory-url=https://acme.zerossl.com/v2/DV90 dns-name=mydomain.abc eab-hmac-key=4ac7xuxAdV4mIncwIIEhLjExsFZ4v1rWgDkX4SKXD25pMVtF85GZJYSF8UKXUOjzSr2g3-v4lhL57NHFaQ42Ff eab-kid=GHWaP2_Ghx73vcU8ricAKU |
Server properties
| Property | Description |
|---|---|
| directory-url (string) | ACME directory url. |
| eab-hmac-key (string) | HMAC key for ACME External Account Binding (optional). |
| eab-kid (string) | Key identifier (optional). |