It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Generating a Signed Certificate Using Let’s Encrypt

  • Last updated on


Let’s Encrypt is a certificate authority that provides free signed certificates that are valid for 90 days. The certificates are accepted by most of the browsers.

The Barracuda WAF provides integration with Let’s Encrypt to generate, sign, install, and renew certificates for their domains running on the Barracuda Web Application Firewall.


Let's Encrypt certificates can only be created by Local Users and Admins. Note that external users logged in from LDAP/Radius CANNOT create Let's Encrypt certificate.

Before You Begin

  • Create a HTTP service and also ensure that the service is in the ACTIVE mode.
  • Ensure that the domain is accessible over the internet on TCP port 80.
  • Ensure that the domain is accessible to the HTTP service that you created above.
  • Allow outbound access to  on the firewall.
  • Ensure that the "Allow Administration Access" for WAN is set to Yes for UI to successfully create a Let's Encrypt certificate.

To generate the certificate from Let’s Encrypt CA:

  1. Navigate to BASIC > Certificates and then click the Let’s Encrypt button from the Certificate Generation section. The Get Certificate from Let's Encrypt dialog box opens.

    If the Use Let's Encrypt button is not visible on the Certificate Generation section, please contact  Barracuda Networks Technical Support for assistance.

  2. Specify values for the following fields:
    1. Certificate Name - Enter a name to identify this certificate.
    2. Key Type - Select Key Type as RSA
    3. Common Name -  Enter the domain name (DN) of the web server for which you want to generate the certificate.  For example: "".
    4. Subject Alternative Names (SAN) -  Enter Subject Alternative Names (SAN) that needs to be associated with the certificate. Select  DNS  attribute from the drop-down list, and provide the appropriate value. For example: For  DNS,  the DNS domain name is specified.  Example :
    5. Services - Click the drop-down list and then select the service on which this domain is listening . HTTP and HTTPS that have a redirect service will be listed here.
    6. Renew Automatically -  Select Yes if you want the signed certificates to get automatically renewed after the validity period. Click the drop-down list and select the number of days after which you want the certificate to be renewed.

      Ensure that the HTTP service exists and is working in Active mode when you are performing an auto-renewal of the Let's Encrypt certificate.

  3. Click Generate Certificate . You can view the created certificate in the Saved Certificates section.
Last updated on