It is possible to set up GreenRADIUS to automatically obtain and install certificates from Let's Encrypt. These are the steps to obtain and install a certificate and configure your GreenRADIUS to automatically renew its certificate from Let's Encrypt.
- GreenRADIUS v184.108.40.206 or later
- A valid domain name with the A record pointing at GreenRADIUS
- GreenRADIUS must be connected to the Internet with the ability to make outgoing connections on port 443 and accept incoming connections from any IP address on port 80. (Note: In order to enable incoming connections on the internal UFW firewall (if enabled), run
sudo ufw allow 80in the GreenRADIUS command line.)
- Log into your GreenRADIUS instance via SSH
snap install core
snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot certonly --standalone
- Follow the onscreen instructions. After this, your certificate files will be placed in a directory at
/etc/letsencrypt/live/<your site name>/. This contents of this folder will be updated as needed by Certbot, so the certificate here should always be fresh.
- Download the automatic installation script from this link and unzip it. You should now have a file called
chmod +x /etc/letsencrypt/renewal-hooks/deploy/install-grva.sh.
certbot renew --force-renewaland verify that no errors occurred.
You should now find that the new certificates have been installed on GreenRADIUS. Certbot will periodically refresh the certificates; there may be a few seconds where GreenRADIUS is unavailable when this occurs (approximately once per month).
© 2023 Green Rocket Security Inc. All rights reserved.