
Let's Encrypt + FreePBX

November 12, 2020 pbx, ssl, tls, certs,freebpx,letsencrypt


Let's Encrypt allows you to obtain X.509 certificates for TLS automatically and at no charge. There are different ways to obtain a valid certificate depending on the system that you are setting up. This article covers Let's Encrypt on FreePBX.

This article applies to systems running FreePBX 13 or newer. You also need a valid A record that resolves to the FreePBX IP. For example, if your PBX is at IP 104.24.99.145, you would want a pbx.harrison-technology.net DNS record pointing to 104.24.99.145.

Enabling Port 80 to respond to Let's Encrypt

Let's Encrypt offers a couple of ways to verify a request, including saving a challenge in a .well-known folder or saving a challenge in a DNS record. FreePBX saves the challenge code in the .well-known folder.

We need to set up the web server to allow responses to Let's Encrypt on port 80. Navigate to Admin > System Admin > Port Management. Change the Letsencrypt port to port 80 and the admin port to 8080.


Generate Let's Encrypt Certificate

We can now request a TLS certificate from Let's Encrypt. Navigate back to Admin > Certificate Management. Click New Certificate and then Generate Let's Encrypt Certificate.


Fill in your certificate host name and the other pieces of information on the next screen.

Selecting Default Certificate

Once the certificate has been generated, we need to tell the server to use it. Navigate to Admin > System Admin > HTTPS Setup. Under Certificate Manager, click the newly created certificate and click Install.

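To confirm that the server is actually serving the new certificate after the Install step, the following check can be run from another machine. It is an added example, not part of FreePBX or the original article; it assumes HTTPS is served on port 443, uses a 30-day expiry warning threshold chosen for illustration, and includes a constructed sample certificate so it runs offline.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the served leaf certificate as a getpeercert() dict.
    The default context validates chain and hostname, so a leftover
    self-signed certificate raises ssl.SSLCertVerificationError here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def review_cert(cert, hostname, now, min_days=30):
    """Return a list of problems; an empty list means the certificate looks right."""
    problems = []
    # HTTP-01 validation cannot issue wildcards, so an exact SAN match is expected.
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if hostname.lower() not in sans:
        problems.append(f"{hostname} not in SAN list {sans}")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"unexpected issuer: {issuer.get('organizationName')}")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (datetime.fromtimestamp(not_after, tz=timezone.utc) - now).days
    if days_left < min_days:  # min_days is an assumed alert threshold
        problems.append(f"expires in {days_left} days")
    return problems

# Constructed sample in getpeercert() format, not captured from a real server.
SAMPLE_CERT = {
    "subject": ((("commonName", "pbx.harrison-technology.net"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Let's Encrypt Authority X3"),)),
    "notBefore": "Nov 12 00:00:00 2020 GMT",
    "notAfter": "Feb 10 00:00:00 2021 GMT",
    "subjectAltName": (("DNS", "pbx.harrison-technology.net"),),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python check_cert.py <hostname>
        host, cert, now = sys.argv[1], fetch_cert(sys.argv[1]), datetime.now(timezone.utc)
    else:                  # offline demo against the constructed sample
        host, cert = "pbx.harrison-technology.net", SAMPLE_CERT
        now = datetime(2020, 11, 12, tzinfo=timezone.utc)
    print(review_cert(cert, host, now) or "OK")
```

Run it on a schedule with the PBX host name as the argument to catch a certificate that was not renewed or that was replaced by a different one.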