Closed cben closed 6 years ago
Cert expired yesterday :frowning: Getting new one, have some issues...
letsenrypt.sh --ocsp
"Sets option in CSR indicating OCSP stapling to be mandatory".Deployed new cert valid till Oct 6 2016.
This is long done, closing.
Retroactive: I already deployed the new certs! Need to organize and back up the work. (mathdown.com cert expired on Feb 12 - I deployed half day AFTER it expired :-(; today deployed mathdown.net certs in time before Feb 15 expiration. 87 days to next expiration.)
I've switched from StartSSL to Let's Encrypt. Because they recently became available and are awesome, because renewal is easy to automate. Plus they can give 1 cert for all domains (best for heroku). Generally followed http://blog.thesparktree.com/post/138999997429/generating-intranet-and-private-network-ssl
_acme-challenge.www.mathdown.net
, not_acme-challenge.www.mathdown.net.mathdown.net
.Now that I've used Lexicon (DNSimple and friends abstraction lib), I should revisit infrastructure-as-code (#110) goal. Terraform is best in principle to cover everything but I suspect I'll stick to Lexicon and/or DNSimple's auto-deploy from github. Git push for DNS + git push to PaaS more or less covers it?