CNC Certificate Manager & Let's Encrypt SSL/TLS Support

**Bob** · 10-18-2016, 09:31 AM

FutureQuest is very pleased to announce a new CNC Module, "Certificate Manager", has been made available to all accounts today.

The "Certificate Manager" will allow each account holder the ability to view their TLS/SSL Certificate information, such as expiration date, as well as update their certificate themselves.

A Knowledgebase Article regarding the "Certificate Manager" can be viewed here:
https://Service.FutureQuest.net/kba618

Also as promised in this earlier post, FutureQuest is now providing full Let's Encrypt TLS/SSL Certificate support, including automatic updates.

Each account that currently has a Let's Encrypt TLS/SSL Certificate (and those that add one in the future) will have their certificate automatically updated 15 days prior to expiration.
There is no need for any action to be taken by the account holder for this.

Additionally, when you initially Order a TLS/SSL Certificate Installation there will be an option to select a Let's Encrypt TLS/SSL Certificate and FutureQuest will create your initial certificate for you and install that certificate.

This does not, in any way, reduce support for TLS/SSL Certificates from other Issuers such as Thawte, GoDaddy, Verisign, etc... which will also be managed from your CNC "Certificate Manager" once initial installation is completed.

However as a result of instituting full Let's Encrypt Certificate support (which is a FREE Certificate) FutureQuest will no longer be providing New Shared Certificate Installations. Existing Shared Certificates will remain valid as long as the package remains active. Existing Shared certificate holders can upgrade to a Let's Encrypt, or other Private Certficate, by placing the appropriate order from their QuestAdmin login, normal pricing will apply. ( http://www.QuestAdmin.net/ )

We hope that this will make the process of maintaining Secure Certificates a bit easier and remove another barrier for site owners to make their sites HTTPS accessible.

phppete · 10-18-2016, 04:42 PM

That is excellent news. I've not been on here much, wasn't aware LetsEncrypt was in the pipeline. Lots of clients are on minimal budgets so it all helps. Having attempted LetsEncrypt on my local Ubuntu ages ago and failed miserably I can appreciate that this must have been no easy case of 'apt-get install'. Guessing it must have been a big undertaking on such a complex setup.

**Terra** · 10-18-2016, 06:24 PM

It took months of design, planning, implementation and testing to get it stable and reliable... What you see on the surface is backed by a lot of internal custom written plumbing that taps into the ACME protocol and integrates into our Genesis Class management systems... Overall, this was a highly requested feature and I hope the FutureQuest community will be pleased with the finished fruits from countless hours of toil and labor...

*chrisheng* · 10-18-2016, 11:11 PM

Thank you! Much appreciated!

10-19-2016, 01:10 AM

Hey, I think I was one of the first promulgators and adopters?

Can I get a certificate of appreciation or something like that? Maybe a smartphone

I've been here for donkey's (y) ears and expect to be here until I conk out.

Thanks Terra!

P.S. Bob is the best service rep ever. But I am beginning to think he is A.I.

**Bob** · 10-19-2016, 01:32 AM

I am Bob and I am Not A Robot... I am Not a Robot... I am Not a Robot...

No really I am not, and trust me, Artificial and Intelligent are not words my Wife would use to describe me LOL

Thanks,
Bob

*hobbes* · 10-19-2016, 06:20 PM

Thank you for this feature!

The KB article appears to cover a pre-installed LE cert. Given a non-LE cert, there is the option "Generate/use Let's Encrypt certificate" which is not included in the KB CNC Cert Man page.

Also, a few accounts do not have a Cert Man in the CNC. Is this because of having a reseller account?

And yes, Bob is an AI, that's why us old timers call him Watson behind his IP address. Or did we call him an intelligent Binary OBject (iBOB), after an Apple product from the late- early- 22nd century?

**Bob** · 10-20-2016, 01:52 PM

Quote:

Originally Posted by hobbes

Or did we call him an intelligent Binary OBject (iBOB), after an Apple product from the late- early- 22nd century?

Oyyyyyyyyyyyyy

Quote:

Originally Posted by hobbes

The KB article appears to cover a pre-installed LE cert. Given a non-LE cert, there is the option "Generate/use Let's Encrypt certificate" which is not included in the KB CNC Cert Man page.

Also, a few accounts do not have a Cert Man in the CNC. Is this because of having a reseller account?

I believe, but I have not tested, that you would be able to switch to a LE Cert from another Issuing Authority using the "Generate/use Let's Encrypt certificate".

You would use the "Update certificate" to update an existing Non LE Certificate (Update Certificate only appears in those accounts with an existing non LE Cert)

And finally you would use the "Update certificate with certificate from a different CA" option to change from an LE Cert to a Non LE Certificate.

Also if anyone has a problem with managing their own certificates they are free to write to us at the Service Desk, making sure to include the Certificate and Key (in text within the body of the email or specify a location within their account for us to access the Cert and Key) and we will be happy to update the certificate.

As far as the Certificate Manager not appearing in a CNC, that should not be related to a Resellers Account as far as I can determine. Can you send us an email with the domains involved.

-Bob

*chrisheng* · 10-21-2016, 01:40 AM

Quote:

Originally Posted by Bob

(Update Certificate only appears in those accounts with an existing non LE Cert)

-Bob

Hmm... Update Certificate appears in my account, and I have a LetsEncrypt cert, although one that was obtained prior to FQ's integration of LE into the CNC.

Does that mean that the CNC does not detect that I have an LE cert and that it won't auto-renew?

(Edit) Correction: "Update LetsEncrypt Certificate" appears in my account. My question still stands though...

**Bob** · 10-21-2016, 09:42 AM

Quote:

Originally Posted by chrisheng

(Edit) Correction: "Update LetsEncrypt Certificate" appears in my account. My question still stands though...

That indicates you have a LE Cert and the system is aware of that.

All existing LE certs, prior to unveiling the Certificate Manager, are covered by Automatic Updates.

-Bob