
Let's Encrypt

Tyk v2.3 introduces experimental Let’s Encrypt support. This module allows Tyk to automatically provision SSL certificates for the domains set in a Tyk configuration, using the ACME protocol and the Let’s Encrypt service.

What is Let’s Encrypt?

Let’s Encrypt is a certificate authority, launched on April 12, 2016, that provides free X.509 certificates for Transport Layer Security (TLS) encryption. It does so via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Using Let’s Encrypt with Tyk Gateway

Certificates are generated by one Gateway and then shared with other Tyk nodes via an encrypted Redis key. Tyk’s Let’s Encrypt support is subject to Let’s Encrypt’s rate limits: although generated certificates are backed up and can be re-used, over-use of the feature can cause the service to stop working.

To enable Let’s Encrypt support, set the following value to true in your tyk.conf file:

    "http_server_options": {
        "use_ssl": true,
        "use_ssl_le": true
    }

Once set, restart the Gateway process. The first time a domain is requested, Tyk will seed the SSL cache with a new certificate. New Gateways that start after this can then use this certificate.