Automate - Configure an HTTPS Certificate with Let's Encrypt with Automatic Renewal

The material in this document is for informational purposes only. The products it describes are subject to change without prior notice, due to the manufacturer’s continuous development program. Rampiva makes no representations or warranties with respect to this document or with respect to the products described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.

Introduction

This article describes how to configure Rampiva Automate with a valid HTTPS certificate that is automatically renewed before expiration.

Prerequisites 

  • Rampiva Automate 5.0 or later

  • Deployment publicly accessible from the Internet

  • DNS name pointing to the Automate public IP address


Instructions

A. Verify Public Access

1

Browse to Automate over HTTPS using the public IP address, for example https://54.196.174.43, to ensure that Automate is accessible on this IP.

A warning message is expected because by default Automate uses a self-signed HTTPS certificate.

If the page is not accessible, contact your network administrator to ensure that Automate is accessible using this IP address.

 

2

Browse to Automate over HTTPS using the DNS name, for example https://test.rampivalab.com, to ensure that Automate is accessible using this DNS name.

B. Obtain an HTTPS Certificate

1

Download win-acme from https://www.win-acme.com/

2

Unzip the archive to a permanent location, for example C:\Program Files\win-acme.

3

From the win-acme folder, run wacs.

4

Type M, to create a certificate with full options.

5

Type 2, for manual input.

6

Enter the DNS name under which Automate is accessible, for example test.rampivalab.com

7

Press Enter to accept the name.

8

When prompted to verify the identity of the domain name, leave the window open and continue to the next step.

 

9

Run Notepad as Administrator.

 

10

Open the file C:\ProgramData\Rampiva\Automate\Scheduler\config\config.yml

11

From the server section, remove the three lines which make Automate listen on port 80:

    - type: http
      port: 80
      bindHost: 127.0.0.1

12

Save the edited config.yml file.

 

13

Restart the Rampiva Scheduler service.

 

14

Return to the win-acme application.

 

15

Type 2, for the option [http-01] Serve verification files from memory.

16

Press Enter to accept the default private key format.

17

Type 3, for the certificate store format PFX archive.

18

Paste the file path C:\ProgramData\Rampiva\Automate\Scheduler\config

19

Type 2, to provide the password for the PFX archive, corresponding to the option Type/paste in console.

20

Type the password defaultPassword1234

 

21

Type Y to save the password to the vault so that the certificate renewal process can run unattended.

22

Provide a name for the secret, for example Rampiva Automate Keystore.

23

Type 5 for No (additional) store steps.

 

24

Type 3 for Start external script or program.

 

25

Paste the file name C:\Program Files\Rampiva\Automate\Scheduler\Rampiva Scheduler.exe

26

Type the parameter restart

27

Type 4 for No (additional) installation steps.

 

28

When prompted whether to specify the user the task will run as, type N.

29

Type Q to quit.

 

 

C. Configure Automate to Use the Certificate

1

Run Notepad as Administrator.

 

2

Open the file C:\ProgramData\Rampiva\Automate\Scheduler\config\config.yml

3

Update the keyStorePath setting to point to the PFX store created by win-acme in the config folder, for example: C:/ProgramData/Rampiva/Automate/Scheduler/config/test.rampivalab.com.pfx

4

Update the keyStorePassword setting if a non-default password was used in the previous section when configuring the PFX store in win-acme.

5

Add the parameter keyStoreType with the value PKCS12, making sure to use the same indentation as the previous lines.

6

Save the edited config.yml file.

7

Restart the Rampiva Scheduler service.

 

8

Browse to Automate over HTTPS using the DNS name, for example https://test.rampivalab.com, to confirm that the certificate was deployed correctly.
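
The browser check in step 8 can be repeated from PowerShell after each unattended renewal. The script below is an added example, not part of the original article or of the Rampiva or win-acme tooling; it uses the article's example host name and PFX path, and the 14-day threshold and the function name Get-ServedCertificate are assumptions.

```powershell
# Added example. Host name and PFX path are the article's example values.
$HostName = 'test.rampivalab.com'
$PfxPath  = 'C:\ProgramData\Rampiva\Automate\Scheduler\config\test.rampivalab.com.pfx'
$WarnDays = 14   # assumed alert threshold, not a value from the article

function Get-ServedCertificate {
    param([string]$Name, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($Name, $Port)
    try {
        # Let the handshake complete whatever the certificate is, so a bad one
        # can still be inspected, but keep the TLS stack's validation verdict.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $cert, $chain, $errors)
            $script:PolicyErrors = $errors
            $true
        }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Name)   # sends $Name as the SNI host name
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }
}

# Prompt for the PFX password instead of hard-coding it in the script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$onDisk   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $password)
$served   = Get-ServedCertificate -Name $HostName
$daysLeft = [math]::Floor(($served.NotAfter - (Get-Date)).TotalDays)
$samePfx  = $served.Thumbprint -eq $onDisk.Thumbprint
$trusted  = $script:PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None

[pscustomobject]@{
    Subject        = $served.Subject
    Issuer         = $served.Issuer
    NotAfter       = $served.NotAfter
    DaysLeft       = $daysLeft
    MatchesPfx     = $samePfx      # served certificate is the one win-acme wrote
    PolicyErrors   = $script:PolicyErrors
    NeedsAttention = (-not $samePfx) -or (-not $trusted) -or ($daysLeft -lt $WarnDays)
}
```

MatchesPfx = False means the service is not serving the PFX that win-acme wrote, for example because keyStorePath points elsewhere or the restart in the installation step did not happen. A PolicyErrors value other than None means the served certificate does not validate for this host name, as with the default self-signed certificate.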