#ops (2019-01)
Archive: https://archive.sweetops.com/ops/
2019-01-14

what’s the current state-of-the-art for auto-renewing HTTPS certs for nginx?

Are you on k8s?

no

Unfortunately no recent experience with self-NGINX with LE. Bet a lot has improved since I last checked it out.

I vaguely recall reading it’s got a lot better, but it’s hard to google

Are you running on AWS?

yes

no wait, no

sorry

No prob… was going to suggest using ACM

Where are you hosted?

Digital Ocean

just vanilla droplets for now

Ensure your server is safe, no matter where it’s running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV with Argo Secure Tunnel.

Argo is pretty sweet. Doesn’t require k8s

You don’t need to expose your webservers at all

It creates an encrypted reverse tunnel out to CloudFlare

CloudFlare handles all certs

that does look very cool

the “contact us” pricing looks a bit scary

context: this is for our staging environment

funnily enough, we use ACM for production

ah prices are at the bottom of the page, just $5/month?

Though I think it requires business class

Which is 200

Not free/cheap

ah ok

FYI in case anyone is interested, this seems to work pretty well: https://certbot.eff.org

Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

thanks for reporting back!

2019-01-15

There is a sidecar container for doing auto letsencrypt

eg

LetsEncrypt companion container for nginx-proxy: JrCs/docker-letsencrypt-nginx-proxy-companion (GitHub).

2019-01-17


lets encrypt down



looks like it was planned? https://letsencrypt.status.io/pages/history/55957a99e800baa4470002da