How to enable Let's Encrypt & HTTPS on MikroTik CHR (Cloud hosted router)
Once you have installed your MikroTik CHR router on your server, you don’t want to access the webinterface using the unencrypted HTTP protocol.
Instead, follow these steps to enable HTTPS using Let’s Encrypt certificates which come built-in with recent RouterOS versions.
First, configure your DNS to point some domain name - e.g. chr.mydomain.com
to your server’s IP address. TCP port 80 on the IP address the domain name points to must reach the CHR server.
Then, login to the CHR using ssh
. This connection is encrypted. Run the following commands:
/certificate/enable-ssl-certificate dns-name=chr.mydomain.com
and
/ip/service/enable www-ssl
Example output:
[admin@MikroTik] > /certificate/enable-ssl-certificate dns-name=chr.mydomain.com
progress: [success] ssl certificate updated
[admin@MikroTik] > /ip/service/enable www-ssl
After that (if the certificate could be generated successfully), your router will be reachable via https://chr.mydomain.com