#ops (2019-01)
Archive: https://archive.sweetops.com/ops/
2019-01-14
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
what’s the current state-of-the-art for auto-renewing HTTPS certs for nginx?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Are you on k8s?
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
no
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Unfortunately no recent experience with self-NGINX with LE. Bet a lot has improved since I last checked it out.
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
I vaguely recall reading it’s got a lot better, but it’s hard to google
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Are you running on AWS?
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
yes
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
no wait, no
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
sorry
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
No prob… was going to suggest using ACM
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Where are you hosted?
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
Digital Ocean
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
just vanilla droplets for now
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Ensure your server is safe, no matter where it’s running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV with Argo Secure Tunnel.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Argo is pretty sweet. Doesn’t require k8s
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
You don’t need to expose your webservers at all
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
It creates an encrypted reverse tunnel out to CloudFlare
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
CloudFlare handles all certs
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
that does look very cool
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
the “contact us” pricing looks a bit scary
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
context: this is for our staging environment
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
funnily enough, we use ACM for production
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
ah prices are at the bottom of the page, just $5/month?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Though I think it requires business class
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Which is 200
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Not free/cheap
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
ah ok
![james avatar](https://avatars.slack-edge.com/2018-12-31/513352820609_79a55e5b5c6956f815ff_72.jpg)
FYI in case anyone is interested, this seems to work pretty well: https://certbot.eff.org
Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
thanks for reporting back!
2019-01-15
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
There is a sidecar container for doing auto letsencrypt
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
eg
![pecigonzalo avatar](https://avatars.slack-edge.com/2020-02-24/954674862595_11f6ff71106151c32655_72.png)
LetsEncrypt companion container for nginx-proxy. Contribute to JrCs/docker-letsencrypt-nginx-proxy-companion development by creating an account on GitHub.
2019-01-17
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Let's Encrypt down
![sarkis avatar](https://secure.gravatar.com/avatar/3606f27756cf1a49f22f966e4ddf01a6.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
looks like it was planned? https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da