KB: 1070
Renew SSL Certificate using Let's Encrypt HTTP Challenge
Problem Statement
End-user want to renew existing Let's Encrypt certificate for FQDN that configured behind the Haltdos WAF to achive below operation
- Re-issue valid certificate from trusted certificate authority
Pre-requistics
- FQDN (Fully Qualified Domain Name) should be behind Haltdos WAF (for HTTP challenge) and accessible from public internet
- Haltdos Console login with minimum READ_WRITE access.
- OLD SSL certificate attached to listener/website.
- Connectivity based on challenge as follows
- For HTTP challenge, no geo-filtering policy enforced on the FQDN public IP
- For HTTP challenge, verify no Geo/IP blocking policy on the network and web application firewall to avoid failure of the verification request.
Let's Encrypt issue SSL certificate with validity of 3 months from the date of issue.
Solution
-
Check current SSL certificate
-
SSL certificate issued for domain example.hltdos.com
-
Verify SSL certificate is expired for the website
-
-
Renew SSL certificate
-
Go to Resources > SSL certificate
-
Click on Refresh icon on the SSL certificate\
-
Click on Renew button
noteSSL renew process take some time to verify and issue certificate with Let's Encrypt.
-
SSL certificate updated on Haltdos console and deployed to WAF machine.
noteSSL challenge can be failed to misconfiguration or failure due to verification issue.
On failure on the multiple SSL renew, it is recommended to issue new certificate.
-
-
Verify SSL cerificate.
-
SSL certificate is updated on the website.
-