Using a LetsEncrypt SSL Certificate for a DEAR B2B Portal Custom Domain Name

LetsEncrypt is a certificate authority that offers free SSL certificates that you can use for the custom domain name of your DEAR B2B Portal. There are other certificate authorities that you can use, but LetsEncrypt not only offers free SSL certificates but makes certificate generation easy.

Before generating a free SSL certificate, you need to bind a custom domain name to your DEAR B2B portal. For more information, see Binding a Custom Domain Name to a DEAR B2B Portal.

NOTE: The instructions in this article assume that you have a basic understanding of Linux usage/commands and shell access to an Ubuntu Linux  web server. If you do not have shell access (or something similar) to your web server, your hosting provider might be able to assist you in generating a SSL certificate for the custom domain name of your DEAR B2B Portal.

To generate a LetsEncrypt SSL certificate, follow the steps below.

  1. Log on to your web server from any computer.
    ssh [user]@[server-address]
  2. Install Certbot in usr/bin/certbot.
    apt-get install software-properties-common
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install certbot
  3. Stop any running instance on the web server.
  4. Generate the SSL certificate using the subdomain name as the certificate name.
    cd [certbot directory] ## /usr/bin
    service apache2 stop
    ./certbot certonly --standalone -d [subdomain.domain.tld] 
    service apache2 start
  5. Navigate to the directory where the certificate was saved.
    cd /etc/letsencrypt/live/[subdomain.domain.tld]
  6. Convert the certificate to PFX format.
    openssl pkcs12 -export -out [subdomain.domain.tld].pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
  7. Enter a passphrase for the certificate. You will need this passphrase when uploading the certificate to DEAR.
    Enter Export Password: 
    Verifying - Enter Export Password: 
  8. Copy the certificate to a downloadable location on the server. This is to ensure that you can download the certificate via secure FTP or some other protocol.
    cp -p /etc/letsencrypt/live/[subdomain.domain.tld].pfx /home/[user]
    cd /home/[user]
    chown [user] /home/[user]/[subdomain.domain.tld].pfx
  9. Open a new terminal and copy the certificate to your computer.
    cd ~/Downloads/
    scp [user]@[server-address]:/home/[user]/[subdomain.domain.tld].pfx .
    [user-password] or [ssh-key]
    ls -al | grep .pfx
  10. Log on to your domain registrar account and change the DNS CNAME in your DNS Zone records in the following format:
    [subdomain.domain.tld] CNAME [subdomain]
  11. Wait until the DNS CNAME TTL times out.
  12. Upload the certificate to DEAR B2B Portal by going to to, then creating a new portal configuration. 
  13. Under the Custom Domain for portal section, set the following:
    Custom Domain Name (URL): [subdomain.domain.tld]
    SSL Certificate file: Choose File ~/Downloads/[subdomain.domain.tld].pfx
    SSL Certificate password: [passphrase-you-create-here]
  14. Click Set Custom Domain.
  15. On the terminal that you opened in Step 9, test the certificate.
    curl -svo /dev/null https://[subdomain.domain.tld] --tlsv1.2
  16. Delete the certificate.
    rm -rf ~/Downloads/[subdomain.domain.tld].pfx
  17. In a browser, go to http://[subdomain.domain.tld] and check that the DEAR B2B Portal is active with the free LetsEncrypt SSL Certificate.

IMPORTANT! LetsEncrypt SSL certificates expire after 90 days. To ensure that the SSL certificate for your custom domain does not expire after that period, set a CRON job on the server to automatically renew the SSL certificate every 90 days, and set an email reminder to manually upload the regenerated SSL certificate back to DEAR. 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.