[HOW TO] Enable Secure Web Access with Lets Encrypt

This tutorial will guide you through the steps of obtaining a Free SSL certificate via Let’s Encrypt and use that SSL certificate to secure the FreePBX web interface.

There are a couple pre-requisites that you must have:

  • You must be running FreePBX 13
  • Make sure that all module and distribution updates have been applied
  • A valid DNS “A” record that resolves to your PBX’s IP.

The DNS entry needs to be set up with the DNS provider for your domain. An example DNS record would be:

pbx1.example.com – 192.168.1.1

Once you have that completed, we can request the SSL certificate from Let’s Encrypt. From your FreePBX admin web interface, Choose Admin, Certificate Management:

Next we will Choose “New Certificate”, “Generate Let’s Encrypt Certificate”:

Next, if you have the FreePBX firewall enabled (which we recommend) you will need to allow Let’s Encrypt and FreePBX.org access to your PBX. This only allows Let’s Encrypt and FreePBX.org access to the web URL for your PBX so they can verify that there is a web server on the IP. The do not have access to actually log into your PBX.

Click “Update Firewall” to allow the access.

Next you will need to fill in the following:

  • Host Name – This is a valid DNS entry (like pbx1.example.com)
  • Description – We suggest that you use the same name as “Host Name”.
  • Country – The country that your business is located in.
  • State/Province – The state/province your business is located in

An example screen is shown here:

Click “Generate Certificate” to submit the SSL certificate request to Let’s Encrypt. The SSL certificate should now show in your list of SSL certificates:

We can now use this SSL certificate to secure the web interface the the PBX. From the PBX admin choose Admin, System Admin. In the right hand menu, choose HTTP Setup:

Click on Settings:

Choose the SSL certificate that you created above and click ‘Install”

Your PBX now has a valid SSL certificate installed and you can access it via the https:// protocol!