---
title: "Manual Let's Encrypt SSL Setup for Polarity Server v5"
slug: "polarity-manually-set-up-lets-encrypt-with-server-v5"
description: "Learn how to manually configure Let's Encrypt SSL/TLS certificates for Polarity Server v5 deployment. Step-by-step guide for HTTPS security configuration and certificate management in Docker or Podman environments."
updated: 2025-12-02T22:15:26Z
published: 2025-12-02T22:15:26Z
canonical: "knowledge.threatconnect.com/polarity-manually-set-up-lets-encrypt-with-server-v5"
---


# Manually Set Up Let's Encrypt with Polarity Server v5

This process will allow the Polarity Server v5 to use Let’s Encrypt to automatically manage certificates.

## Requirements:

- An operational Polarity Server v5
- A public FQDN
- DNS A/AAAA record(s) for the public FQDN
- External access via port 443 and (optionally) port 80.

## Process:

1. **Bring down the Polarity Server containers.**
  ```bash
  cd /app
  ./down.sh
  ```
2. **Copy Let’s Encrypt RSA CA certificate chain** (PEM format) to `/app/certs/ca`.
  1. 3 certificates at the time of this writing (1x root cert, 2x intermediate certs).
  2. `isrgrootx1.pem`, `r10.pem`, and `r11.pem`.
  3. ***Downloadable from here:*** [***Chains of Trust***](https://letsencrypt.org/certificates/)
3. **Add the** `ACME_ENABLED` **environment variable** to the `/app/.env` file.
  ```bash
  echo "ACME_ENABLED=true" >> /app/.env
  ```
4. **Open** the `/app/caddy/config/Caddyfile` **for editing**.
  1. In the **global** **block**:
    1. **Remove** the `auto_https off` declaration.
    2. **Add** the following:
      ```plaintext
        storage file_system {
          root /app/certs
        }
      ```
    3. The resulting global block should look like this:
      ```plaintext
      {
        storage file_system {
          root /app/certs
        }
      }
      ```
  2. In the **main server block** (starts with `:8443`):
    1. **Prepend** the `:8443` with `{$POLARITY_HOSTNAME}`, making it `{$POLARITY_HOSTNAME}:8443`.
    2. After the `tls` declaration:
      1. **Remove** the text `/config/server.crt /config/server.key`
      2. **Replace** it with the following block:
        ```plaintext
        {
          key_type rsa2048
        }
        ```
      3. The result will look like this:
        ```plaintext
        tls {
          key_type rsa2048
        }
        ```
  3. **Save** the changes to the `Caddyfile` and close it.
5. **Open** the `/app/docker-compose.yml` **file for editing**.
  1. Under the `services:web:volumes` block, **find the line**:
    1. `- ./certs/ca:/app/certs/ca:z`
  2. **Change** this line to this:
    1. `- ./certs:/app/certs:z`
  3. **Save the changes** to the `docker-compose.yml` file and close it.
6. **Back up the Platform certificates.**
  ```bash
  cd /app/certs
  mv polarity.pem polarity.pem.bak
  mv polarity_key.pem polarity_key.pem.bak
  ```
7. **Reset the standard permissions.**
  ```bash
  cd /app
  bin/polarity docker-set-permissions
  ```
8. **Start the Polarity Server containers.**
  ```bash
  cd /app
  ./up.sh
  ```
9. **Create a symbolic link from the new Let’s Encrypt certificates to the Platform certificates.**
  ```bash
  cd /app/certs
  ln -s ./certificates/acme-v02.api.letsencrypt.org-directory/<<your.polarity.fqdn>>/<<your.polarity.fqdn>>.crt ./polarity.pem
  ln -s ./certificates/acme-v02.api.letsencrypt.org-directory/<<your.polarity.fqdn>>/<<your.polarity.fqdn>>.key ./polarity_key.pem
  ```
  1. ***NOTE: Be sure to replace the*** `<<your.polarity.fqdn>>` ***placeholders with your Polarity Server’s FQDN.***
    1. ***This should be the*** `POLARITY_HOSTNAME` ***value from the*** `/app/.env` ***file.***

> The certs could be in a slightly different directory, but they will be in a child directory of `/app/certs/certificates/`.

**Your Polarity Server is now configured to use Let’s Encrypt for automated certificate management!**
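
A guarded version of step 9, added here as an example and not part of Polarity's own tooling: it locates the issued pair anywhere below `/app/certs/certificates/`, refuses to overwrite a certificate file that was not backed up, and fails if either link dangles. The function names and the two-argument invocation are assumptions made for this example.

```bash
# Added example, POSIX sh. Function names are hypothetical.
# Usage: sh link-acme-certs.sh /app/certs "$POLARITY_HOSTNAME"

# Print the directory below <root>/certificates that holds <fqdn>.crt and
# <fqdn>.key. Exit 1 if the pair is missing, 2 if several directories match
# (for example after issuing from more than one ACME directory).
find_acme_dir() (
  root=$1; fqdn=$2
  hits=$(find "$root/certificates" -type f -name "$fqdn.crt" 2>/dev/null) || true
  [ -n "$hits" ] || { echo "no $fqdn.crt under $root/certificates" >&2; exit 1; }
  n=$(printf '%s\n' "$hits" | wc -l)
  [ "$((n))" -eq 1 ] || { echo "ambiguous, pick one:" >&2; echo "$hits" >&2; exit 2; }
  dir=$(dirname "$hits")
  [ -s "$dir/$fqdn.key" ] || { echo "no key next to $hits" >&2; exit 1; }
  printf '%s\n' "$dir"
)

# Create the polarity.pem / polarity_key.pem links in <root> with relative
# targets, as step 9 does. Exit 3 rather than overwrite a regular file.
link_platform_certs() (
  root=$1; fqdn=$2
  dir=$(find_acme_dir "$root" "$fqdn") || exit $?
  rel=${dir#"$root"/}
  cd "$root" || exit 1
  for name in polarity.pem polarity_key.pem; do
    if [ -e "$name" ] && [ ! -L "$name" ]; then
      echo "$root/$name is a regular file; move it aside first (step 6)" >&2
      exit 3
    fi
  done
  ln -sf "./$rel/$fqdn.crt" polarity.pem
  ln -sf "./$rel/$fqdn.key" polarity_key.pem
  # Fail if either link dangles or points at an empty file.
  [ -s polarity.pem ] && [ -s polarity_key.pem ]
)

if [ "$#" -eq 2 ]; then link_platform_certs "$1" "$2"; fi
```

A non-zero exit means the links were not verified; the message on stderr names the path that needs attention.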
