https://man.liquidfiles.com
LiquidFiles Documentation

LiquidFiles has built-in support to use Let's Encrypt certificates as an alternative to traditional CA signed certificates.

This article is for Let's Encrypt certificates. If you're looking to use traditional certificates, please see this article instead.

In order to use Let's Encrypt certificates, there are a couple of things that are required:

  • You need to be able to configure DNS to point a DNS name to your LiquidFiles instance.
  • You need to use the standard ports for http: TCP/80 and https: TCP/443, or Let's Encrypt won't be able to verify the domain. Using ports like 8080 and 8443 doesn't work.
  • You need to permit both port 80 and 443 in your firewall to LiquidFiles. You can still configure LiquidFiles to only use https TCP/443 in Admin → System → Network, but http TCP/80 is required by Let's Encrypt to validate the domain.

Configure DNS

The first step you need to do is to configure your DNS server with a friendly name to the LiquidFiles system. This is going to look a bit different depending on your DNS server or service. Please consult the DNS administrator if you struggle with this.

images/system/certificates/dns_config.png

In this example we are configuring files.liquidftest.com as the LiquidFiles system name.


Enabling Let's Encrypt

If you have configured DNS correctly, you should be able to connect to your name, files.liquidftest.com in our example. Please also note that at this point you will still get a certificate warning.

images/system/certificates/lets_encrypt_1.png

You are now ready to configure Let's Encrypt. Please go to Admin → System → Certificate. Please click on the Let's Encrypt tab and you should see something similar to:

images/system/certificates/lets_encrypt_2.png

Please click on Enable Let's Encrypt to enable Let's Encrypt.

images/system/certificates/lets_encrypt_3.png

That's all you need to do, you should now see a "green" symobol in the browser certificate check, and certificate details similar to the following screenshot.

images/system/certificates/lets_encrypt_4.png

Also, please note that there's no further action needed in the future either. The certificate will automatically renew when it's about to expire.