Let’s Encrypt is a global Certificate Authority (CA). This organization is nonprofit and does not charge any fees for their certificates.
• Publicly accessible domain that resolves to the HALB or Secure Gateway directly or through third-party load balancers.
• On the HALB and Secure Gateway, port 80 must be opened for incoming Let’s Encrypt requests.
To issue a new Let’s Encrypt certificate:
1 In the RAS Console, navigate to Farm > Certificates.
2 Click the Tasks drop-down menu and choose Let’s Encrypt.
3 Select the "I have read and accept Let's Encrypt EULA" option.
4 In the Expiration emails field list specify the email addresses that will receive notifications from Let’s Encrypt.
5 Optionally, change the time when certificates are renewed automatically in the Automatically renew certificates before expiration field.
6 Click OK.
7 Click the [+] button to the left of the Tasks drop-down list and choose Issue Let's Encrypt certificate.
8 In the Issue Let's Encrypt certificate dialog, specify the following:
• Name: Name of the certificate.
• Description: Description of the certificate.
• Usage: HALB and/or Secure Gateway.
• Key size: Key size.