LUCY offers you to create a certificate for:
First set the correct FQDN within the setup script (domain configuration). Example: if you configured the domain “phishig-server.com” within LUCY you could create the FQDN access.phishing-server.com within the setup script. If you want to generate a trusted certificate for the admin access please go to “settings/ssl settings” and choose “lets encrypt” as the method. LUCY will automatically use the domain configured in the system to generate the certificate. The certificate generation might take up to 5 minutes. Please be patient and wait until the message “certificate created” appears. If you get a “request failed” error it means that you ran into performance issues. In that case please retry to initialize the setup again. Here is a summary again:
Please take into account that Lucy uses a third-party SSL provider - Let's Encrypt that has some limitations. The most common one is that you cannot issue more than 5 certificates per week for the same domain name. Find more at: https://letsencrypt.org/docs/rate-limits/
To avoid that limit you can use a previously issued SSL certificate in your campaigns by choosing the option “Select Existing SSL Certificate” in the SSL Provider list.
If you decide to use SSL for the campaign and you want to generate a custom certificate you can do this by clicking Generate CSR or Certificate.
===== Create a CSR (Certificate Signing Request) =====¨
If you want to create a new official certificate, you first need to create a CSR. You can use an online service like:
After the verification, (most providers will either do verification by sending an email to the email address within the WHOIS record or to the email specified within the CSR) you will have to upload the certificate to LUCY.
As an alternative: LUCY enables you to create a CSR by clicking “Generate CSR or Certificate”.
You can also import an official trusted certificate. Simply upload the files to LUCY. If the private key is protected with a password, you need to enter that password as well.
Note that the server only accepts files with the following extension:
Note: If you want to get an official certificate for free, you can always use trial certificates which are valid for 90 days (example: https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php)
In LUCY < 4.5 the certificate autorenew might not work for several reasons.
a. If you are using Lucy 4.2 or older version and using the “Let's Encrypt” provider SSL certificate generation fails, you need to delete the old certificate before re-creating the certificate again. You can do that using the following command:
cd /tmp sudo -u postgres psql phishing -c "UPDATE domains_ssl SET is_deleted=TRUE WHERE NOT is_deleted"
(!) Please take into account that the command above will delete all existing SSL certificates!
b. For Lucy 4.3 and newer version this could have happened after the migration from version 4.2 via the Migration Tool. In that case please contact our support team (firstname.lastname@example.org) to fix the issue.