
HOWTO: Letsencrypt SSL certificate in Mikrotik

In this howto I’m going to cover how to create an SSL certificate using Let’s Encrypt for your Mikrotik on Mac OS. On Linux it should be quite similar (probably easier) and you can follow the same tutorial.

Installing letsencrypt certbot

Download page: https://certbot.eff.org

I selected Linux as the OS, so I got the wrong instructions the first time. Mac users, please skip this one.

There we go with all the instructions for Mac OSX.

This error is fine as we have not run certbot as root. So we are ready to go.

Now create the DNS TXT record on your domain name. This will depend on which domain provider you use. In my case I use CDmon, which is a small company in Catalonia, so the instructions have not been posted here.

Wait a while until the DNS records have propagated. You can check if this is ready with:

Continue the certificate process on certbot

Mikrotik configuration

We just need to upload those certificates to our router, select them as certificates and use them on our web server.

Uploading files

Files > Upload:

  • Upload cert.pem
  • Upload chain.pem

Importing certificates

Go to System > Certificates > Import

  • Import cert.pem
  • Import chain.pem

Enabling SSL on our web server

On Webfig go to IP > Services and click www-ssl. Select cert.pem, check Enabled and click Ok.

Enabling external traffic to reach our HTTPS web server

IP > Firewall: Add new

Chain: input
Protocol: TCP
Dst. Port: 443
Action: Accept
Click Ok

Move the rule to the right position in the rule chain (above the rules that drop input).
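The rule position can be checked from a saved `/ip firewall filter export`. This is an added example, not code from the original post: the sample ruleset is constructed and the function names are hypothetical. Only the chain, protocol, dst-port and connection-state matchers are evaluated, so a drop rule limited by interface or address is still treated as one that could block the connection.

```python
import re
import shlex

# Constructed sample of `/ip firewall filter export` output (not from the post).
SAMPLE_EXPORT = r'''/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=drop chain=input comment="drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=input dst-port=443 protocol=tcp
'''

def parse_rules(export_text):
    """Return one {property: value} dict per 'add' line, in rule order."""
    joined = re.sub(r"\\\n\s*", "", export_text)  # undo export line wrapping
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def covers_port(spec, port):
    """True if a dst-port value ('443', '80,443', '400-500', '!80') includes port."""
    if spec.startswith("!"):
        return not covers_port(spec[1:], port)
    for part in spec.split(","):
        low, _, high = part.partition("-")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= port <= int(high):
            return True
    return False

def could_match_https(rule):
    """Could this rule match a new TCP connection to port 443 on the router?"""
    return (rule.get("chain") == "input" and rule.get("disabled") != "yes"
            and rule.get("protocol", "tcp") == "tcp"
            and covers_port(rule.get("dst-port", "443"), 443)
            and "new" in rule.get("connection-state", "new").split(","))

def https_rule_status(rules):
    """'ok', 'shadowed' (a drop/reject is evaluated first) or 'missing'."""
    for rule in filter(could_match_https, rules):
        action = rule.get("action", "accept")
        if action == "accept" and "protocol" in rule and "dst-port" in rule:
            return "ok"
        if action in ("drop", "reject"):
            return "shadowed"
    return "missing"
```

For the constructed sample, `https_rule_status(parse_rules(SAMPLE_EXPORT))` returns `shadowed`, because the port 443 accept rule sits below the drop rule.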

Validation

Go to your mikrotik: https://your.domain.name

Additionally you can check your SSL here: https://www.sslshopper.com/ssl-checker.htm

Conclusion

Now you can have a secure and encrypted access to your Mikrotik Router from everywhere with a valid SSL for free.

Drawbacks: Let’s Encrypt certificates are only valid for 90 days, so you will have to keep renewing them.

Looking for a mikrotik to buy?

For home use I have a Mikrotik hAP ac2 with double wifi chipset and gigabit ethernet. Gigabit ethernet, USB port, 4 cores and wifi ac for just £55.

For learning, experimenting and as an access point (protocol N) I recommend the cheapest Mikrotik hAP lite. It has the same features with more discrete hardware at a reduced price of £20.

For a small office or more demanding networks you would be better off with the RB2011UiAS-2HnD-IN because it has more available ports for all the extra devices. Just for £99.
