How do I setup Let's Encrypt with the Web Reports?
Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Their service offers free TLS/SSL certificates and can be used with the EventSentry Web Reports.
Step 1: Download the Win-ACME client
- Navigate to Win-ACME with your web browser: https://www.win-acme.com/
- Download the latest zip file
- Extract: win-acme...x64.pluggable.zip
C:\Program Files\win-acme\
Important Note: Your WebReports installation must be accessible from the internet on port 80, and your domain must be publicly resolved by DNS servers in order to LetsEncrypt can verify the domain and issue the certificate.
Step 2: Create the certificate
- Launch an elevate command prompt
- Run the Win-ACME client: wacs.exe (Some Windows will display a warning sign preventing the application to run, click on More info and then Run)
 | M: Create new certificate (full options) |
 | 2: Manual input |
 | demo.example.com |
 | <ENTER> |
 | 4: Single Certificate |
 | 1: [http] Save verification files on (network) path |
 | C:\Program Files\EventSentry\WebReports\web\webapps\ROOT\WEB-INF\application |
 | N: no |
 | 2: RSA key |
 | 1: IIS Central Certificate Store (.pfx per domain) |
 | C:\Program Files\EventSentry\WebReports\conf |
 | 1: No password |
 | 5: No (additional) store steps |
 | 3: No (additional) installation steps |
Note: During the process of validating the domain you may see the error "Preliminary validation failed because 'An error occurred while sending the request.'", that error pop ups sometimes, but the process finish valid.
Step 3: Setup Web Reports with certificate:
Configure a TLS connector by editing the server.xml file, by default located in:
(Default file location: c:\Program Files\EventSentry\WebReports\web\conf)
1 2 3 4 5 6 7 8 |
<Connector port="8443" protocol="HTTP/1.1" relaxedQueryChars="[]" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\EventSentry\WebReports\conf\demo.example.com.pfx" keystorePass="" keystoreType="PKCS12" sslEnabledProtocols="TLSv1.2"/> |
If you would also like to disable HTTP, look for this connector:
Either delete it or comment it out (enclose it in <!-- and -->)
Step 4: Restart EventSentry Web Reports service
After restarting the "EventSentry Web Reports" service, navigate to https://demo.example.com:8443 to test & access the web reports through TLS.
Step 5: Scheduling the TLS renewal
Now that the web reports are running with a valid certificate, it's recommended to automatically renew the certificate since Let's Encypt only issues ceritificates for 90-days at a time. Running the wacs.exe command with the --renewal flag will check the certificate's expiration date and automatically renew your certification 55-days after creation. This provides you with an adequate amount of time to resolve any issues that may arise when renewing your certificate.
You can utilize the EventSentry's Application Scheduler to check for updates every day at 9AM:
As an alternative, you can also schedule the command with the Windows Task Scheduler:
Notes: If you encounter the error BadRequest, please ensure you are running the latest version of Win-ACME. Recent HTTPS encryption changes on the Let's Encrypt server may trigger bad request errors in older versions of Win-ACME, as they do not support these changes.
