How to configure Let's Encrypt on Cipafilter

How to: Configure Let's Encrypt

This KB article is applicable to users on versions 10.0 and above.


This KB will detail how to configure Let's Encrypt. Let's Encrypt is a free, self renewing certificate introduced in version 10 firmware. Let's Encrypt provides a custom certificate that will allow users to utilize the Proxy Auto Config (PAC) file. Please see the related KB attached at the bottom for further instructions regarding PAC file usage.


Step 1.
 Set aside a domain name that is different than that of the Cipafilter. This can be any domain as long as it its owned by your organization and points to the External address of the Cipafilter.

Note: An example of a commonly used domain name is

Step 2. Create a DNS record that points the Let's Encrypt domain to the external IP address of the Cipafilter.

Step 3. Once the DNS changes are made, navigate to Customization > Portal Certificate and then select the drop down for Lets Encrypt. Fill in the fields with the appropriate information

Step 3. Click "Test Let's Encrypt Settings" if everything checks out OK, click "I Agree - Enable Let's Encrypt"

Step 4. Congratulations! You've successfully enabled Let's Encrypt!

Note: If you have set up Google O'auth prior to configuring your custom portal certificate, please update the redirect URI's found under Web Filtering > Authentication. Please see this link for more information regarding the PAC file.

    • Related Articles

    • How To: Setup Remote (1-to-1) Filtering aka Seamless Filtering

      In order to remotely filter your devices, we will need several things in place beforehand. The first of which is an A record (host record) setup in your internal DNS to point at the internal IP address of the Cipafilter. The second thing we'll need ...
    • Manual - Web Filtering

      The first thing to decide with regard to Web filtering is whether to run individual subnets in transparent or non-transparent (proxy server) mode. Transparent mode  — no client configuration is required, the Cipafilter simply intercepts all traffic ...
    • Google Apps Domain Restriction

      This KB is relevant to users on versions 9.0 and above. Issue This KB will demonstrate how to enable Google Apps Domain Restriction Many Google Web properties, including Gmail, support a custom header which restricts access to the sites to accounts ...
    • Manual - Portal

      The Cipafilter portal is a Web site that acts as a central point for Web-based authentication and SSL certificate installation. It can be accessed manually from any client which is proxying through the Cipafilter via; some users ...
    • Manual - Customization

      The Customization page provides the ability to customize the appearance and functionality of the captive portal and reject (block) page. Note: Although it is not required, all of the text fields on this page accept raw HTML.  Advanced users may wish ...