Open andreasvirkus opened 5 years ago
Hey, this is more of a TODO on my end.
I agree completely that LetsEncrypt is the way to go for this. I believe Certbot has excellent integration with nginx and will serve up certificates to any future CNAME configurations just as well.
I've now fixed SSL on the TLD but I haven't figured out how to do it for the subdomains yet. I guess I'll have to generate an additional SSL cert for each subdomain. I want to know what the best practice is for doing this en masse.
So there are two main ways to go about this:
Some pricier cert providers also allow the use of wildcards (*.dragdrop.site)
Edit: looked into it some more, and learned a couple of things myself as well.
I stumbled upon this useful thread: https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250/4
and there's a link to this certbot-auto site, which also lists specific instructions: https://certbot.eff.org/lets-encrypt/pip-other
So as the top banner states:
Trying to get a wildcard certificate? Please use the dropdown menus below to get instructions specific to your system, and read those instructions carefully.
Another source: https://stackoverflow.com/a/49487656/2803743
So if your DNS provider provides an API to update TXT records, you should be good to go. Currently certbot seems to support these providers for wildcards:
certbot-dns-cloudflare
certbot-dns-cloudxns
certbot-dns-digitalocean
certbot-dns-dnsimple
certbot-dns-dnsmadeeasy
certbot-dns-google
certbot-dns-luadns
certbot-dns-nsone
certbot-dns-rfc2136
certbot-dns-route53
Hope that's of some use :)
Edit (2): The TLD atm doesn't have an http -> https redirect as well.
Also you could change the website's link in the repo description on GitHub to point to https:// directly.
For the redirect you could go with:
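# Catch-all plain-HTTP listener (IPv4 and IPv6) for any hostname
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    # Permanent redirect to the same host and path over HTTPS
    return 301 https://$host$request_uri;
}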
A service like Let's Encrypt is free and very easy to set up :)
I'd also argue that it's crucial for a website handling other people's source code.
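The TXT-record step that the certbot DNS plugins listed in this thread automate, together with a check of which hostnames a wildcard name covers, as an added example that is not part of the original thread or of certbot's own code. The function names, the account key and the tokens are constructed for illustration; only dragdrop.site comes from the thread.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def dns01_record(identifier: str, token: str, account_jwk: dict):
    """Return (record name, TXT value) for an RFC 8555 dns-01 challenge."""
    # The "*." prefix is dropped: wildcard and apex validate at the same name.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    return f"_acme-challenge.{base}", b64url(hashlib.sha256(key_auth.encode()).digest())

def covered(hostname: str, sans: list) -> bool:
    """True if a certificate with these DNS SANs is valid for hostname."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower() for s in sans):
        if san == host:
            return True
        # A wildcard stands for exactly one leftmost label.
        label, _, parent = host.partition(".")
        if san.startswith("*.") and label and parent == san[2:]:
            return True
    return False

# Constructed placeholders, not a real account key or real server tokens.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
TOKENS = {"dragdrop.site": "constructed-token-apex",
          "*.dragdrop.site": "constructed-token-wildcard"}

if __name__ == "__main__":
    for ident, token in TOKENS.items():
        print(ident, "->", *dns01_record(ident, token, ACCOUNT_JWK))
    for host in ("dragdrop.site", "demo.dragdrop.site", "a.b.dragdrop.site"):
        print(host, covered(host, ["*.dragdrop.site"]))
```

A certificate for only `*.dragdrop.site` does not cover the bare domain, so both names go in the request, and that puts two TXT values at the same `_acme-challenge` record name.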