When you create a new Let’s Encrypt certificate using Parallels RAS, the following process is carried out:

1. Parallels RAS Primary Connection Broker that hosts the licensing role makes the initial request to the Let’s Encrypt server to create an account.

2. Account creation confirmation is received. Parallels RAS creates a CSR and sends it to the Let’s Encrypt server.

3. A list of challenges is received, and Connection Broker reads the HTTP token sent by the Let’s Encrypt server.

4. Secure Gateway or HALB retrieves the tokens from the Connection Broker.

5. Once ready, Connection Broker notifies the Let’s Encrypt Server.

6. Let’s Encrypt starts the verification process by going to the Secure Gateway or HALB and confirming the availability of the token.

7. Challenges are completed including confirmation that the Secure Gateways or HALB can reply to the domain mentioned.

8. Assuming that the challenge is completed successfully, Parallels RAS requests a certificate.

9. Valid certificate is downloaded from the Let’s Encrypt server to Connection Broker.

10. Connection Broker distributes the certificate to the Secure Gateways or HALB.

Let’s Encrypt is a global Certificate Authority (CA). This organization is a non-profit and does not charge fees for their certificates. Each certificate is valid for 90 days. RAS Console allows you to issue, automatically renew and revoke Let's Encrypt certificates.

Issuing a Let's Encrypt certificate

To issue a new Let’s Encrypt certificate:

1. Navigate to Infrastructure > Certificates.

2. Click the ellipsis menu ( the [...] icon) and choose Let's Encrypt Settings.

3. Select the I have read and accept Let's Encrypt EULA option.

4. In the Expiration emails field list specify the email addresses that will receive notifications from Let’s Encrypt.

5. Optionally, change the time when certificates are renewed automatically in the Automatically renew certificates before expiration field.

6. Navigate back to Infrastructure > Certificates.

7. Choose Add > Issue Let's Encrypt certificate from the [...] menu and specify the following options:

   • Name: Name of the certificate.

   • Description: Description of the certificate.

   • Usage: HALB and/or Secure Gateway.

   • Key size: Key size.

   • Country code: Code of your country.

   • Full state or province: Name of your state or province.

   • City: Your city.

   • Organization: Name of your organization.

   • Organization unit: Name of your organization unit.

   • E-mail: Email address of your organization.

   • Common name: Valid domain name of a HALB or Secure Gateway.

   • Alternative names: Valid domain names of HALBs or Secure Gateways.

8. Click Issue certificate.

Renewing a Let’s Encrypt certificate manually

To manually renew a Let’s Encrypt certificate:

1. Navigate to Infrastructure > Certificates.

2. Select the certificate that you want to renew.

3. Select Control > Renew from the [...] menu.

Revoking a Let’s Encrypt certificate

To revoke a Let’s Encrypt certificate:

1. Navigate to Infrastructure > Certificates.

2. Select the certificate that you want to renew.

3. Select Control > Revoke from the [...] menu.