In this section, you’ll learn more about the RELIANOID Application Delivery Controller. This application has been integrated with the Let’s Encrypt system to manage SSL certificates and use them in the reverse proxy implemented in the load balancing module LSLB with the HTTPS profile.

Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates to enable secure HTTPS connections for websites. It simplifies the process of obtaining, installing, and renewing certificates, allowing website owners to enhance security and privacy for their users without the need for complex configurations or manual interventions. By offering these certificates at no cost, Let’s Encrypt promotes widespread adoption of HTTPS, improving the overall security of the internet. The service uses the Automated Certificate Management Environment (ACME) protocol to automate interactions between certificate authorities and web servers, ensuring a seamless and efficient certificate management process.

Since Let’s Encrypt is a web-based service, the RELIANOID Application Delivery Controller requires a direct connection to Let’s Encrypt services to create Certificates for Hosts (e.g., www.relianoid.com) or Wildcard Certificates (e.g., .relianoid.com). This communication between RELIANOID ADC and Let’s Encrypt is done through the ACME protocol over an encrypted secure connection.

The Automated Certificate Management Environment (ACME) protocol is a communication protocol used to automate the process of obtaining and renewing SSL/TLS certificates from a certificate authority (CA), such as Let’s Encrypt. ACME enables web servers and other internet-connected devices to interact with the CA through a series of automated, secure steps, including domain validation, certificate issuance, and renewal. This automation streamlines certificate management, reducing the need for manual intervention and making it easier for organizations to deploy and maintain secure HTTPS connections. By facilitating this process, ACME helps ensure that websites remain secure and up-to-date with minimal effort.

The certificate list includes the following details:
Common Name. The single hostname or wildcard name for a wildcard certificate. Click for more information about the certificate.
Issuer. The certificate authority that signed the certificate.
Domains. The domain(s) certified by the Issuer.
Status. A color indicating the current status of the certificate:

• Green. The certificate is valid.
• Yellow. The certificate will soon expire and needs renewal.
• Red. The certificate has expired.
• Orange. Waiting for approval from Let’s Encrypt.
• Gray. The certificate is invalid.

Wildcard. Indicates if the wildcard certificate is enabled.
Creation. The date the certificate was issued.
Expiration. The date the certificate will expire.
Actions. Available actions for each certificate:

• Create certificate: Opens a form to create a new certificate.
• Delete. Removes the certificate from local storage and the Let’s Encrypt Certificate Authority.
• Check DNS TXT Records. Available only for Wildcard Certificates, as Let’s Encrypt uses DNS records for validation.
• Renew. Used when an SSL certificate is approaching its expiration date. You can choose to perform the renewal either through a Farm (using an HTTP farm with port 80 enabled) or via a Virtual IP.

  The Force Renewal option allows renewal even if the certificate is not close to expiration.

  Enabling Restart the farms that use this certificate will automatically restart and apply the renewed SSL certificate to all associated HTTPS farms immediately after the renewal process completes.

  

• Autorenewal. This option enables automatic renewal of a Let’s Encrypt certificate. You can configure the renewal process to occur either through a Farm (using an HTTP farm with port 80 enabled) or via a Virtual IP.

  The Force Auto-Renewal option triggers a daily certificate renewal, even if the certificate is not close to expiration.

  Enabling Restart farms that use this certificate will automatically restart and apply the renewed SSL certificate to all associated HTTPS farms immediately after the renewal process completes.