Using Let's Encrypt with your own domain name

The following procedure shows you how to set up an encrypted HTTPS port under your own domain name for your services, and obtain a matching certificate from Let’s Encrypt.

Obtaining the certificate requires solving the ACME HTTP-01 challenge, which involves routing an HTTP request from the ACME server (the Certificate Authority) to the cert-manager challenge-solver pod.

Complete the following steps.

  1. Open the Service Mesh Manager web interface, and navigate to MENU > GATEWAYS > OVERVIEW.

  2. Select the gateway you want to secure. Note that the SERVICE TYPE of the gateway must be LoadBalancer. The load balancer determines the IP address(es) to be used for the ACME HTTP-01 challenge. In this example, the gateway is istio-meshexpansion-gateway-cp-v113x.

  3. Point your domain name to the IP address or DNS name found in the ADDRESS field.

  4. Configure the ingress gateway.

    1. In the Ports & Hosts section, click CREATE NEW in the upper right corner.

    2. Select the HTTPS protocol and the port you want to accept incoming connections on (probably 443).

    3. Enter your domain name into the HOSTS field. To enter multiple domain names, use Enter.

    4. Select Use Let’s Encrypt for TLS to get a certificate for your domain from Let’s Encrypt.

    5. Enter your email address. This address is forwarded to Let’s Encrypt and is used for ACME account management.

    6. Click CREATE.

    7. Two more items appear in the Ports & Hosts list for your domain name:

      • One on the HTTPS port (for example, 443) for the incoming connection requests, and
      • the other on port 80 for solving the ACME HTTP-01 challenge.

      A warning icon shows if the HTTPS port is not valid yet.


  5. Wait for the certificate to arrive. After a short while, the item with port 80 and protocol HTTP disappears, and a green check mark appears next to HTTPS. This shows that the certificate has been issued and is used to secure your domain.

  6. Set up routing for your service. Use the gateway, host, and port number you provided in this procedure. For details, see Routes and traffic management.


  7. Test that your service can be accessed, and that it shows the proper certificate.
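
One way to script the check in the last step, as an added example that is not part of the original procedure or of Service Mesh Manager: it connects with chain and hostname verification enabled, then confirms that the certificate covers your domain, was issued by Let's Encrypt, and is not close to expiry. The host name `shop.example.com`, the seven-day margin, and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import sys
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R11"),)),
    "notBefore": "Jan 15 00:00:00 2025 GMT",
    "notAfter": "Apr 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.com"),),
}

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification on; return the leaf cert."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return pattern == host

def check_cert(cert, host, now=None, min_days_left=7):
    """Return a list of problems; an empty list means the certificate is the expected one."""
    now = time.time() if now is None else now
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(san_matches(p, host) for p in sans):
        problems.append(f"{host} is not covered by SAN entries {sans}")
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"unexpected issuer {issuer.get('organizationName')!r}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate is not valid yet")
    if ssl.cert_time_to_seconds(cert["notAfter"]) - now < min_days_left * 86400:
        problems.append(f"certificate expires within {min_days_left} days")
    return problems

if __name__ == "__main__":
    # Usage: python check_cert.py your.domain.example [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    issues = check_cert(fetch_cert(host, port), host)
    print("\n".join(issues) or f"OK: {host} presents a valid Let's Encrypt certificate")
    sys.exit(1 if issues else 0)
```

If the gateway is still serving a placeholder or self-signed certificate, `fetch_cert` raises `ssl.SSLCertVerificationError` before `check_cert` runs, which is itself the signal that issuance has not completed.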