Are you worried about how to exchange certificates on your MicroTik router?
Unfortunately, MicroTiks can only exchange certificates using non-standardized SCEP.
If you want to use Let’s Encrypt ACME, you can’t do it with RouterOS scripting language. However, you can work around these shortcomings with a Linux machine, Let’s Encrypt ACME client, SSH, and Apache HTTP server.
In this guide, we will show you how to set up an SSTP VPN server for Windows and RouterOS from version 5, using Let’s Encrypt certificates.
The SSTP protocol, developed by Microsoft, is an elegant solution for establishing a secure VPN connection. It works like ordinary HTTPS from the outside and uses 443 as the default port, which is allowed on almost all firewalls.
In this guide, we will explain how to work with Let’s Encrypt to verify domain ownership and request a certificate for the VPN server.
Follow the steps below to set up MicroTik SSTP server with Let’s Encrypt certificate:
Step 1
Verify domain ownership Let’s Encrypt verifies domain ownership using a challenge-response mechanism. There are three ways to verify domain ownership. The most common is the http-01 challenge.
It works by displaying a file with a certain name and content on the web and giving the ACME client the task of showing it to the ACME server (Let’s Encrypt).
The server then tries to reach the file via the Internet, and if it succeeds, it considers the verification of ownership successful and will sign the application for a certificate.
