Skip to main content

Let's Encrypt Certificate function + automatically renewal

Comments

12 comments

  • Official comment
    Dana Anderson
    Product Support

    Thanks for taking the time to make this post.

    As a small team with a large product roadmap, we have to pick new feature based on the value they'll add to the most users possible.

    With feature requests posted to the community, we will gauge demand for this request.

    While waiting for your request to gather the support of our community, we suggest browsing the other request and showing support for requests that you find valuable as well.

     

  • Scan

    Any chance to get Let's Encrypt Certificate function in Cerberus 11? ;)

    4
  • Josh

    I just got Let's Encrypt configured and thought I'd share my experience with Let's Encrypt and Cerberus.  You can use Let's Encrypt with Cerberus 11 by using the Win-Acme (https://www.win-acme.com) client.

    What you need to do is setup Win-Acme to use the CentralSSL store & password in the settings.json file.  I also recommend making the private key exportable, but it'll probably work without doing that.  There are other things you can configure in the settings.json file, but the CentralSSL store and password would be the minimum.

    When you extract the Win-Acme client there will be a folder in there called "scripts".  Create a new file in there called "Cerberus.cmd" or something to that effect.  Edit the file and put the following text in there:

    net stop "Cerberus FTP Server"
    net start "Cerberus FTP Server"

    Save the file and close it.

    Open the Win-Acme client in an administrator command prompt.

    Choose "2: Manual input"

    Type the name of your domain:  "ftp.domain.com"

    Hit enter or type in a friendly name

    Choose "2: Serve verification files from memory" or another method you're familiar with

    Choose "2: RSA key"

    Choose "2: PEM encoded files (Apache, nginx, etc.)"

    Type the folder name where to store the .pem files.  I chose "C:\CentralSSL" for simplicity

    Choose "5: No (additional) store steps"

    Choose "3: Start external script or program"

    Enter the path to the script we just created.  I used "C:\Win-Acme\Scripts\Cerberus.cmd"

    Just hit enter at the next step where it asks for additional parameters

    Choose "4: No (additional) installation steps"

    The Win-Acme client will run and if everything was configured correctly you should end up with all the files in the "C:\CentralSSL" folder.

    Now go into the Cerberus admin configuration tool and set the Certificate, Private Key, CA Certificate Path, and the password you setup for the settings.json CentralSSL configuration file.  Click Verify and then update.  That should load the certificate into Cerberus.

    The next time the Win-Acme client runs to renew the certificate the script we created will stop and start the Cerberus FTP Server service after the certificate has been renewed.  Cerberus will then load/use the new certificate that was just created.

    Hope that helps!
    Josh

    4
  • Anders Vannman

    Hi,

    Any news regarding support for Let's encrypt?

    Or - if there isnt any plans for it, does anyone has an advice for another good replacement for Cerberus FTP?

    1
  • Keith Moran

    Please add Lets Encrypt support.

    1
  • Scan

    Thank U Josh for the excellent manual!

    Just tried it - work perfectly :) Anyway, I found perfect solution for me - the cheap 4-years GoGetSSL certificate :) (~3$/year). The last actual certificate will expire 2023-12-04. So I hope, till that time the Cerberus will get the LetsEncrypt support :)))

    1
  • It-service

    Joshs solution is still working under v12 of Cerberus FTP.
    With th new win-acme exe file you have some diffentent selections but it works great!

    Thanks, Josh.

    Stay healthy.

    1
  • Dana Anderson
    Product Support

    I will need to follow up with the product team here at Cerberus but it's good to know we do have a workaround in place. 

    Thanks, Josh for your amazing work. 

     

     

    1
  • Josh

    Thanks for the feedback and glad it worked for you.

    I checked out the GoGetSSL's and it looks like the pricing has gone up a little.  I'm glad to have a solution to use Let's Encrypt.

    Josh

    0
  • Scan

    Josh, please check the prices inside your GoGetSSL client's panel - check my screenshot below:

     

    For me they offer 5 years DV SSL cert for 15$ :) I think it's a good price.

    Anyway - Let's Encrypt is also very good option, even if U will need to do some additional steps each few months.

     

    Have a nice day!

    0
  • Josh

    Ahh ok, yeah that's a pretty good deal!

     

    Once setup, you really shouldn't have to do anything with Let's Encrypt.  The scripts should take care of everything, but I agree $15 is a great deal!

    0
  • Josh

    Glad to hear this is still working.

    One thing I found out is that when Cerberus is updated the links to the PEM files in the central SSL don't point/reference to that any more, but rather the certificates folder in the Cerberus ProgramData folder.

    So I modified the "Cerberus.cmd" file to read the following:


    copy C:\CentralSSL\ftp.domain.com-crt.pem "C:\ProgramData\Cerberus LLC\Cerberus FTP Server\certificates\" /Y
    copy C:\CentralSSL\ftp.domain.com-key.pem "C:\ProgramData\Cerberus LLC\Cerberus FTP Server\certificates\" /Y
    copy C:\CentralSSL\ftp.domain.com-chain.pem "C:\ProgramData\Cerberus LLC\Cerberus FTP Server\certificates\CACerts.pem" /Y

    net stop "Cerberus FTP Server"
    net start "Cerberus FTP Server"

     

    After doing that the latest files are in the certificates folder so if you happen to upgrade the certificates are still available.

    Josh

    0

Please sign in to leave a comment.