What is an SSL Certificate?
An SSL (Secure Sockets Layer) certificate is a digital certificate that establishes a secure, encrypted connection between a user’s web browser and a website’s server. It ensures that any data exchanged between the two is protected from being intercepted or altered by unauthorized parties. This is especially important for websites that handle sensitive information, such as passwords, credit card details, or personal data.
When a website has an SSL certificate, its URL begins with “https://” instead of “http://,” and users see a padlock icon in the browser’s address bar. SSL certificates provide three key benefits:
- Encryption: Protects data in transit from being read by third parties.
- Authentication: Confirms that the website is owned by a legitimate organization or entity.
- Trust: Builds user confidence by showing the website is secure.
What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides SSL certificates to website owners. Launched in 2016, its mission is to make the web more secure by making SSL/TLS encryption accessible to everyone. Key features of Let’s Encrypt include:
- Free SSL Certificates: Unlike many traditional certificate authorities, Let’s Encrypt provides SSL certificates at no cost.
- Automation: Let’s Encrypt simplifies the process of obtaining, renewing, and managing certificates through automation tools like Certbot.
- Open and Transparent: It’s a nonprofit organization supported by various tech companies and aims to promote a secure and privacy-respecting internet.
Let’s Encrypt has played a significant role in increasing HTTPS adoption worldwide, making secure connections a standard for websites of all sizes.
Generate the Certificate
Open a Terminal and run the following command. The DNS entry used has to be a valid DNS record that resolves to the public IP of the router.
certificate enable-ssl-certificate dns=a285895a08d6ff0f.sn.mynetname.net
If you don’t have a valid DNS domain to use, you can use MikroTik’s built-in DDNS service (IP > Cloud) and the DNS name it provides. (NB: if using a CHR instance, a valid P license is required to use DDNS.)
View this article about deploying a CHR in AWS which outlines CHR licensing
Make sure the MikroTik has inbound (and outbound) access to HTTP/S. Once complete, the progress will show [success] ssl certificate updated.
Confirm the certificate under System > Certificates
Testing
To test, go to IP > Services, enable the www-ssl service (disabled by default), and select the newly acquired SSL certificate under Certificate.
Open a web browser and enter the DNS name using HTTPS://
The RouterOS Webfig interface should load without any SSL warning. You can confirm the certificate by viewing the certificate details in the browser window.
Automate Renewal
As you can observe from the expiry date and the days valid under the Certificates menu, the certificate is only valid for 89 days. To renew, we simply repeat the steps used to generate the cert in the first instance, so we can automate this using a Scheduler task.
Open System > Scheduler and add a new task, then set the interval to 88d 00:00:00 (Days Hours:Minutes:Seconds). Then, in the On Event field, add the same command used to generate the cert.
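With an 88-day interval against an 89-day certificate, a single failed run leaves about one day before expiry. The following is an added example, not part of the original article, that connects to the router's www-ssl service and flags a certificate older than the scheduler interval. The function names, port 443 and the exit codes are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

SCHEDULER_INTERVAL_DAYS = 88  # interval set in System > Scheduler above


def parse_cert_time(value):
    """Convert a getpeercert() time string ('Jan 05 09:34:43 2025 GMT') to UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def fetch_cert_dates(host, port=443, timeout=5.0):
    """Verify chain and hostname like a browser; return (notBefore, notAfter).
    Raises ssl.SSLCertVerificationError if the certificate is expired or untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return parse_cert_time(cert["notBefore"]), parse_cert_time(cert["notAfter"])


def renewal_status(not_before, not_after, now, interval_days=SCHEDULER_INTERVAL_DAYS):
    """Return ('ok' | 'renewal-overdue' | 'expired', whole days left)."""
    days_left = (not_after - now) // timedelta(days=1)
    if now >= not_after:
        return "expired", days_left
    # A certificate older than the scheduler interval was not replaced by the task.
    if now - not_before > timedelta(days=interval_days):
        return "renewal-overdue", days_left
    return "ok", days_left


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_cert.py <router-dns-name>")
    host = sys.argv[1]
    status, days_left = renewal_status(*fetch_cert_dates(host), datetime.now(timezone.utc))
    print(f"{host}: {status}, {days_left} day(s) left")
    sys.exit(0 if status == "ok" else 1)
```

Run it daily from a monitoring host outside the router, so that a missed renewal is reported while the old certificate is still valid.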