Securing an HP LaserJet printer with LetsEncrypt

The fantastic Let’s Encrypt service lets you issue SSL/TLS certificates to devices without charge. It’s not everything you may want at the enterprise level, but for the professional in their home environment, it’s great.
I wanted to replace the self-signed certificate on an HP printer I had, but it wasn’t an easy process. I’ve documented it here so it can be useful to others too.
First, use certbot to generate your certificate. Run the command as follows:
certbot -d host.example.com --manual --preferred-challenges dns certonly
This will instruct you to add a TXT record to the DNS record for the host for authentication, after which you’ll receive your certificate.
To convert this in to a PKCS#12 file, suitable for loading on to the printer, use the following command:
openssl pkcs12 -export -out certificate.pfx -inkey config/live/host.example.com/privkey.pem -in config/live/host.example.com/cert.pem
The .pfx file can then be uploaded to the printer and it’ll use it immediately.

4 thoughts on “Securing an HP LaserJet printer with LetsEncrypt”

  1. Thanks for writing this. I’m trying to install a LE cert on my hp printer as well.
    but…. uh oh. How did you get around the password requirement? My hp printer says “You must provide the password that was used to encrypt the private key.”
    I never provided a password anywhere in the certbot config. All of the above steps worked great and I made the .pfx file.
    also, how are you handling the certificate renewals?
    Thanks again!

  2. This approach does not seem to work if you’d simply like to access your HP printer from within the network using https. Let’s Encrypt/Certbot will not generate a certificate for a domain name such as “HPCLJM451dw.local”.
    Do you have any idea what one could do in such a scenario?

Leave a Reply

Your email address will not be published. Required fields are marked *