How to enable Let's Encrypt & HTTPS on MikroTik CHR (Cloud hosted router)

Once you have installed your MikroTik CHR router on your server, you don’t want to access the webinterface using the unencrypted HTTP protocol.

Instead, follow these steps to enable HTTPS using Let’s Encrypt certificates which come built-in with recent RouterOS versions.

First, configure your DNS to point some domain name - e.g. chr.mydomain.com to your server’s IP address. TCP port 80 on the IP address the domain name points to must reach the CHR server.

Then, login to the CHR using ssh. This connection is encrypted. Run the following commands:

enable_ssl.rsc

/certificate/enable-ssl-certificate dns-name=chr.mydomain.com

/certificate/enable-ssl-certificate dns-name=chr.mydomain.com

and

enable_www_ssl.rsc

/ip/service/enable www-ssl

/ip/service/enable www-ssl

Example output:

mikrotik_enable_output.txt

[admin@MikroTik] > /certificate/enable-ssl-certificate dns-name=chr.mydomain.com
  progress: [success] ssl certificate updated

[admin@MikroTik] > /ip/service/enable www-ssl

[admin@MikroTik] > /certificate/enable-ssl-certificate dns-name=chr.mydomain.com
  progress: [success] ssl certificate updated

[admin@MikroTik] > /ip/service/enable www-ssl

After that (if the certificate could be generated successfully), your router will be reachable via https://chr.mydomain.com

Check out similar posts by category: MikroTik, Networking

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee