In the Arc configuration file (<Arc folder>settings.yml), the parameter UseSSL (false by default) enables Arc to run using https (UseSSL: true) or http (UseSSL: false).

You will need to stop Arc before changing the value.

If UseSSL is set to true the Arc server will run using https instead of http. By default a self-signed certificate will be generated using the server name for the host name.

The first time Arc starts with UseSSL sets to true, a new folder SSL will be created with the self-signed certificates:

• <Arc folder>sslcert.pem

• <Arc folder>sslkey.pem

NOTE: Self-signed certificates are not trusted by the browser so you will receive a warning message in the browser.

To remove the warning, generate certificates via a valid certificate authority or use the Let’s Encrypt option below.

If you want to use your own certificate place the ssl/cert.pem and ssl/key.pem files in the Arc/ssl directory.

The cert and private key need to be in pem format.

Generating certificates with Let’s Encrypt

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

To use this option Arc needs to be a publicly accessible, i.e. the internet not intranet.

When enabled (useletsencrypt: true) Arc will attempt to retrieve a SSL certificate from Let’s Encrypt and then set up the Arc web server to use them.

NOTE: You must set sslhostname parameter to match your DNS entry.

When using Let’s Encrypt, Arc will run on both port 443 (HTTPS) and port 80 (HTTP). Both of these ports need to be accessible to the Let’s Encrypt service for the certificates to be generated. If you have issues check your firewall.