#ops (2019-01)
Archive: https://archive.sweetops.com/ops/
2019-01-14
what’s the current state-of-the-art for auto-renewing HTTPS certs for nginx?
Are you on k8s?
no
Unfortunately no recent experience with self-NGINX with LE. Bet a lot has improved since I last checked it out.
I vaguely recall reading it’s got a lot better, but it’s hard to google
Are you running on AWS?
yes
no wait, no
sorry
No prob… was going to suggest using ACM
Where are you hosted?
Digital Ocean
just vanilla droplets for now
Ensure your server is safe, no matter where it’s running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV with Argo Secure Tunnel.
Argo is pretty sweet. Doesn’t require k8s
You don’t need to expose your webservers at all
It creates an encrypted reverse tunnel out to CloudFlare
CloudFlare handles all certs
that does look very cool
the “contact us” pricing looks a bit scary
context: this is for our staging environment
funnily enough, we use ACM for production
ah prices are at the bottom of the page, just $5/month?
Though I think it requires business class
Which is 200
Not free/cheap
ah ok
FYI in case anyone is interested, this seems to work pretty well: https://certbot.eff.org
Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.
thanks for reporting back!
2019-01-15
There is a sidecar container for doing auto letsencrypt
eg
LetsEncrypt companion container for nginx-proxy: JrCs/docker-letsencrypt-nginx-proxy-companion on GitHub.
2019-01-17
lets encrypt down
looks like it was planned? https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da