The following procedure shows you how to set up an encrypted HTTPS port under your own domain name for your services, and obtain a matching certificate from Let’s Encrypt.

This requires solving the ACME HTTP-01 challenge, which involves routing an HTTP request from the ACME server (the Certificate Authority) to the cert-manager challenge-solver pod.

Complete the following steps.

  1. Open the Backyards web interface, and navigate to MENU > GATEWAYS > OVERVIEW.

  2. Select the gateway you want to secure. Note that the SERVICE TYPE of the gateway must be LoadBalancer. The load balancer determines the IP address(es) to be used for the ACME HTTP-01 challenge. In this example, the gateway is istio-ingressgateway.

  3. Point your domain name to the IP address or DNS name found in the ADDRESS field.

  4. Configure the ingress gateway.

    1. In the Ports & Hosts section, click CREATE NEW in the upper right corner.

    2. Select the HTTPS protocol and the port you want to accept incoming connections on (probably 443).

    3. Enter your domain name into the HOSTS field. To enter multiple domain names, use Enter.

      Note: If you don’t want to use your own domain name, you can set up a domain under .banzaicloud.io for testing purposes. Just select use .banzaicloud.io: a new domain name will be generated for you, then you can add a subdomain under the generated domain name.

    4. Select Use Let’s Encrypt for TLS to get a certificate for your domain from Let’s Encrypt.

    5. Enter your email address. This address is forwarded to Let’s Encrypt and is used for ACME account management.

    6. Click CREATE.

    7. Two more items appear in the Ports & Hosts list for your domain name:

      • One on the HTTPS port (for example, 443) for the incoming connection requests, and
      • the other on port 80 for solving the ACME HTTP-01 challenge.

      A warning icon shows if the HTTPS port is not valid yet.

  5. Wait until the certificate arrives. After a short while, the item with port 80 and protocol HTTP disappears, and a green check mark appears next to HTTPS. This shows that the certificate has been issued and is used to secure your domain.

  6. Set up routing for your service. Use the gateway, host, and port number you provided in this procedure. For details, see Routes and traffic management.

  7. Test that your service can be accessed, and that it shows the proper certificate.
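
One way to script the certificate check in step 7 (an added example, not part of the Backyards documentation): `fetch_cert` performs a TLS handshake with chain and host name verification, and `check_cert` confirms that the issuer is Let's Encrypt, that the host is in the SAN list, and that the validity window is current. The host name shop.example.com, the sample certificate data, and the 7-day expiry threshold are constructed assumptions.

```python
import socket
import ssl
import time

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification on; return the leaf cert dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def san_matches(pattern, host):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_cert(cert, host, now=None, min_days_left=7):
    """Return a list of problems; an empty list means the certificate looks right."""
    now = time.time() if now is None else now
    problems = []
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"unexpected issuer: {issuer.get('organizationName')!r}")
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(san_matches(s, host) for s in sans):
        problems.append(f"{host} not in SAN list {sans}")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("certificate not yet valid")
    elif now > not_after:
        problems.append("certificate expired")
    elif (not_after - now) / 86400 < min_days_left:
        problems.append(f"expires in under {min_days_left} days")
    return problems

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),), (("commonName", "R3"),)),
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Feb  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    print(check_cert(SAMPLE, "shop.example.com", now=SAMPLE_NOW))  # constructed data
    # Live check (needs network): check_cert(fetch_cert("your.domain"), "your.domain")
```

A handshake failure in `fetch_cert` (an `ssl.SSLCertVerificationError`) while the warning icon is still shown usually means the certificate has not been issued yet.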