+140
Pending Review

Add Let's Encrypt support to base ScreenConnect functionality

Thomas-Louis Laforest 4 years ago updated by anonymous 2 months ago 35 1 duplicate

With Let's Encrypt now in production, it would be an awesome feature if ScreenConnect would support it straight at install.

You could offer SSL support out of the box for all clients, raising the security of your application and reducing the effort for end users to set it up.


Duplicates 1

This is a very good idea, and will be even more so if it's possible through the web interface like cPanel does.


See website here for example: https://letsencrypt-for-cpanel.com/


Maybe it can be an extension with a one-time fee.


And after that we can just forget about renewing our cert.

+6

Why the fee? Let's Encrypt gives the certificate for free.

+2

@Koncept Technologies "Maybe it can be an extension with a one-time fee."


No way! The whole point of Let's Encrypt is that it is free. Charging to implement ACME is unethical. The point of Let's Encrypt is to make HTTPS usable by everyone. 


Charging, even small amounts, is against the point - you can already get cheap certs for a few dollars. The point is certificate authorities can no longer justify charging for DV when it can be automated for free.


I'd only support it if 100% of the proceeds were a donation to Let's Encrypt.

+1

I almost didn't find this one because of the spelling. Can you update the title to include "Let's Encrypt" so we can try to get more traction on this one? Would love to see the ability to generate/install a Let's Encrypt certificate right from within the GUI. Thanks!

+4

This is a must. Please implement this asap

+4

+1 for this. Easy encryption of the web interface should be pretty standard now where remote access is used.

+1

Great feature. Though I already have it running with an SSL/paid certificate, this is a must-have. Make it possible to add multiple host names in the configuration of Let's Encrypt!

+2

Agree, this is a no-brainer add-on. We have been moving almost all our certificates to Let's Encrypt as they expire. I never understood why certificates were so expensive. Always felt like I was getting ripped off by cert companies.


There are plenty of open source apps like winsimple to use as a guide.

+1

+1 this is a great idea, I'm surprised so many others have thought about this too! 

+1

+1 in times of encryption I agree as well that this has to be a no-brainer add-on.

+1

+1 Anything I say here would just repeat what others have already stated. I would love to see this!

+1

+1 for this! We need to secure ConnectWise easily without some hoops to go through!

This would be great if this got into a release soon.

Pending review for 3 years!? Can we at least get a status update?

+1

YO YO make it GO!!! Get the review over with and let's move on the encryption!!

PLEASE!!

oh yes please pretty please

We've planned to configure Let's Encrypt for the system, so a way to get Control to automate this process would be highly appreciated.

How about getting this done?

+1

This would be awesome if it could be implemented by you guys. Anything to increase security especially now that hackers are targeting MSPs to propagate Crypto through MSP tools.

+1

Yes, please do this!

+1

Yes, please get Let's Encrypt support into ConnectWise Control ASAP!

+1

Another vote for please get moving on adding Let's Encrypt support.

Yes. Please. Let's Encrypt! It's long overdue, this feature.

Please add this feature!

HUUUUUUUUUUUUGE +1 please! I could afford another license if I didn't have to pay for a certificate!

On-prem ScreenConnect using Linux, Nginx, Let's Encrypt ...

Nginx as web proxy, Let's Encrypt pretty straightforward using certbot, see https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

NGINX config file ... web server working ... need to get relay working on port 443 so it will work on more firewalls, as business routers will most likely block port 8041, which is the relay port for ScreenConnect.

server {
listen 80;
listen [::]:80;
server_name example.co.uk www.example.co.uk relay.example.co.uk sc.example.co.uk;

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8040;
proxy_redirect off;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.co.uk www.example.co.uk sc.example.co.uk;

ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8040;
proxy_redirect off;
}
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name relay.example.co.uk;

ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:8041;
proxy_redirect off;
}
}
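
An added example, not part of the post above and not ConnectWise's own configuration: the port-80 server block in that post proxies the web interface over plain HTTP, so this variant redirects those requests to HTTPS while still answering Let's Encrypt HTTP-01 challenges. The webroot path /var/www/letsencrypt is an assumption (certbot webroot mode rather than the nginx plugin).

```nginx
# Added example: replaces the plain-HTTP proxy block from the post above.
server {
    listen 80;
    listen [::]:80;
    server_name example.co.uk www.example.co.uk relay.example.co.uk sc.example.co.uk;

    # Keep HTTP-01 validation reachable on port 80 so renewals keep working.
    # /var/www/letsencrypt is an assumed webroot
    # (e.g. certbot certonly --webroot -w /var/www/letsencrypt ...).
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type text/plain;
    }

    # Everything else is sent to HTTPS instead of being proxied to
    # localhost:8040 in the clear, so logins never cross the network unencrypted.
    location / {
        return 301 https://$host$request_uri;
    }
}
```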

Another vote for Yes, please get Let's Encrypt support into ConnectWise Control ASAP!

As you're not using a standard web server, support for LE should already be built in. 

+2

ScreenConnect doesn't sit on top of a standard web server (such as Nginx / IIS / Apache) - it implements the web server as its own custom service. As such the standard / known ways of configuring LE for standard servers aren't applicable. That means SC need to take responsibility for building this support in, and I suggest should really have already done this.