in Security, SSL

HOWTO: Letsencrypt SSL certificate in Mikrotik

In this howto I’m going to cover how to create an SSL Certificate using letsencrypt for your Mikrotik in Mac OS. In linux should be quite similar (probably easer) and you can follow the same tutorial.

Installing letsencrypt certbot

Download page: https://certbot.eff.org

I have selected linux as an OS so I got the wrong instructions the first time. Please Mac users skip this one.

There we go with all the instructions for Mac OSX.

This error is fine as we have not run certbot as root. So we are ready to go.

Now you create your DNS TXT record on your domain name. This will depend on which domain provider you use. In my case I use CDmon which is a small company in Catalonia so the instructions has not been posted here.

Wait a while until the DNS records got propagated. You can check if this is ready with:

Continue the certificate process on certbot

Mikrotik configuration

We just need to upload that certificates to our router, select them as a certificates and use them on our web server.

Uploading files

Files > Upload:

  • Upload cert.pem
  • Upload chain.pem

Importing certificates

Go to System > Certificates > Import

  • Import cert.pem
  • Import chain.pem

Enabling SSL on our web server

On Webfig go to IP > Services and click www-ssl. Select cert.pem, check Enabled and click Ok.

Enabling external traffic to reach our HTTPS web server

Ip > Firewall: Add new

Chain: input
Protocol: TCP
Dst. Port: 443
Action: Accept
Click Ok

Move the rule on the right position of the rule chain. (Above the rules drop input).

Validation

Go to your mikrotik: https://your.domain.name

Additionally you can check your SSL here: https://www.sslshopper.com/ssl-checker.htm

Conclusion

Now you can have a secure and encrypted access to your Mikrotik Router from everywhere with a valid SSL for free.

Drawbacks let’s encrypt certificates are only valid for 90 days so, you will have to keep renewing them.

Write a Comment

Comment