Link Search Menu Expand Document

Using Let’s Encrypt certificates

TunnelHound comes with turnkey support for using Let’s Encrypt certificates. To use a Let’s Encrypt certificate you will need to have the following set up:

  • Your service must be publicly available via a DNS domain name
  • You must have ports 80 and 443 accessible by any internet host

For questions on the technology and requirements behind Let’s Encrypt, see the Let’s Encrypt Technical FAQ.

Setting up Let’s Encrypt

To set up Let’s Encrypt on your appliance, first navigate to the ‘Admin settings’ page. You must be logged in as a super user.

Diagram of the Admin settings menu

Then, scroll down until you get to the SSL certificate section, and click on the change icon next to the ‘Certificate Source’ property, as highlighted below.

Certificate Source change button

Configuring your certificate

When the certificate pop-up box appears, choose Let’s Encrypt from the set of options and click Next. You will be presented with some options for your domain.

Let's Encrypt configuration dialog

By default, the system will be configured to provide a certificate for the domain by which you’re currently accessing your appliance. If this is not what you want, change the domain name here. The domain name is the part without the <pre>https://</pre> and the trailing path.

If you want to use your device from multiple domains, you can add them below in the ‘Extra Domains’ field. All the domains you add here must be configured in the DNS to point to your appliance, or your certificate will not be issued.

Finally, Let’s Encrypt requires that you provide some contact information in case you need to be contacted about your certificate. This is pre-filled based on the e-mail of the current super user, but can be changed to whatever you want.

Once you are satisfied with all your options, click the Next button. You will see a notice pop up informing you that your certificate is being fetched. In a few minutes, refresh the page. You should see the ‘Certificate Source’ has changed to Let’s Encrypt, and your browser should now pick up the new certificate.

Successful acquisition of a Let's Encrypt certificate


If there was an error with your certificate, there will be an error box describing what happened, like the screenshot below. Please refer to the Let’s Encrypt support site for information on how to fix your error, or reach out to TunnelHound Support.

Example of a Let's Encrypt Error

Copyright © 2020 F Omega Enterprises LLC
"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld.