How to enable Let’s Encrypt & HTTPS on MikroTik CHR (Cloud hosted router)

Once you have installed your MikroTik CHR router on your server, you don’t want to access the web interface using the unencrypted HTTP protocol.

Instead, follow these steps to enable HTTPS using Let’s Encrypt certificates, which come built in with recent RouterOS versions.

First, configure your DNS to point some domain name (e.g. chr.mydomain.com) to your server’s IP address. TCP port 80 on the IP address the domain name points to must reach the CHR server.

Then, log in to the CHR using ssh. This connection is encrypted. Run the following commands:

/certificate/enable-ssl-certificate dns-name=chr.mydomain.com

and

/ip/service/enable www-ssl

Example output:

[admin@MikroTik] > /certificate/enable-ssl-certificate dns-name=chr.mydomain.com
  progress: [success] ssl certificate updated

[admin@MikroTik] > /ip/service/enable www-ssl

After that (if the certificate could be generated successfully), your router will be reachable via https://chr.mydomain.com
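
To confirm from your workstation that the router now presents a publicly trusted certificate for the name, and to notice when it is close to expiry, you can use a check like the following. This is an added example, not part of RouterOS or of the commands above; the function names, the 14-day threshold and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),)),
    "subjectAltName": (("DNS", "chr.mydomain.com"),),
    "notAfter": "Mar  1 00:00:00 2025 GMT",
}

def summarize_cert(cert, now=None):
    """Extract issuer organization, DNS names and remaining lifetime."""
    now = now or datetime.now(timezone.utc)
    issuer = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return {
        "issuer_org": issuer.get("organizationName"),
        "dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
        "days_left": (expires - now).days,
    }

def problems(summary, host, min_days=14):
    """Return a list of findings; min_days is an assumed alert threshold."""
    found = []
    if host not in summary["dns_names"]:
        found.append(f"certificate does not list {host}")
    if summary["days_left"] < min_days:
        found.append(f"certificate expires in {summary['days_left']} days")
    return found

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with full chain and hostname verification; raises
    ssl.SSLCertVerificationError for a self-signed or mismatched certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    host = "chr.mydomain.com"  # example name used in this article
    try:
        summary = summarize_cert(fetch_cert(host))
        print(summary, problems(summary, host) or "OK")
    except (ssl.SSLError, OSError) as exc:
        print(f"HTTPS check failed for {host}: {exc}")
```

A verification error from the handshake means the router is still serving a certificate that clients will not trust for that name.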