Currently the CES setup for new instances offers options to import certificates or use self-signed ones. Both options aren’t ideal, because externally created certificates tend to be expensive while self-signed certificates are not ensuring a secure connection to the system.
Therefore I would like to propose the integration of a Let’s Encrypt certificate option into the CES setup process to get the user free and secure certificates without any trouble.
The integration should fulfill the following requirements:
- Automatic generation of the certificates
- Automatic renewal of the certificates
- An additional option to select Let’s Encrypt certificates in the “Certificate Type” dialog of the CES setup process
Let’s Encrypt certificates are free, signed by an open Certificate Authority and can be obtained automatically.
Utilizing Let’s Encrypt, the CES automatically gets secure, trusted and up-to-date certificates without any user interaction needed.
The integration of an Let’s Encrypt option into the CES setup should be feasible by using one of the many tools and libraries provided for this task, e.g. the lego library for Go.