I think it might be possible to get a free SSL certificate using Let’s Encrypt .
Free? But do browsers support it? Or is just for using the API?
Yes, I think so.
Sounds very labor intensive to have to apply for a new certificate every three months unless it can automated. Do you wish to apply for us?
I believe that it can be automated, I’ll look into it and let you know. -John
Looks like you can use the
certbot renew command and add it to cron.
Sounds quite easy.
Let’s go for it then!
I use Let’s Encrypt and it’s very straightforward… download, run, enter details & it configures webserver (with cert). Then every 3 months just do
./certbot-auto renew and Bobs your Uncle
Any questions just shout. I use it with Apache (on Ubuntu) as front-end proxy to Cheyenne for about a year with no issues.
Reading this you need ssh access https://certbot.eff.org/#ubuntuxenial-nginx but also need to install at /var/www but I don’t think have that directory under nginx
Happy to help if I can? However I’ve no experience of Google cloud or Discourse so I may tripping over myself a bit
The problem we reached was that I wasn’t able to add @asampal as a user to the VM even though I added his public certificate so we need to see what that is about.
It could be just that I got locked out just before you added me with the appropriate username.
I guess try again when I’m back at home and can look more easily at the vm error logs.
Ok, I used the walk through after using the certbot failed since it didn’t know where to put the certificates, and when i chose a place, nothing was put there Not sure how I can recover the 158Mb that I used for the certbot install
4. Rebuild your container
./launcher rebuild <container name>
should just be
./launcher rebuild app
Also note this, it does the daily renewal check for us.
Installs the cert into the right directory that nginx expects. At the same time, it adds a cron job that runs a daily cert renewal check. This will automatically renew your cert. Nothing happens if cert has not expired. If the certificate does expire, you’ll get an email about it from Let’s Encrypt at the email address you provided during setup.
Switches the script to use the webroot plugin with /var/www/discourse/public as the directory. This will allow us to use nginx as the server that handles domain validation. Zero downtime during cert renewal!
Now to see what problems eventuate.
Looks like Rebol clients (2, 3, renc) can’t connect to the https version used here.
So, rebolbot is a bit stuck.
So, apart from the rebolbot ssl handshaking error, is anyone else in addition to @draegtun now no longer able to login?
I’m wondering now if I should attempt to revert the https?
If you can’t login to reply, then use [SO chat] (http://chat.stackoverflow.com/rooms/291/rebol)
Let’s see if they can help, or, if I can just turn off the http -> https redirect.
https works fine for me
Regarding the disk space for certbot, I assume you can just uninstall it. Assuming this is some kind of debian based distro then it is simply
sudo apt-get remove certbot
There are addiditonal options to remove other dependencies of configuration files as well: