cloudamqp / terraform-provider-cloudamqp

Terraform Provider for CloudAMQP
https://registry.terraform.io/providers/cloudamqp/cloudamqp
Mozilla Public License 2.0

Feature request: manage server TLS certificate #69

Closed dhoepelman closed 3 years ago

dhoepelman commented 4 years ago

Currently we use Let's Encrypt in combination with the Terraform ACME provider to get all our TLS certificates.

Unfortunately, this is not a viable solution with CloudAMQP, as there is only a Web UI to enter certificates, making this a manual action, and Let's Encrypt certificates have a short validity, requiring you to use automation to renew and replace them.

If server certificates could be set from the cloudamqp Terraform module, this would solve our problem.

tbroden84 commented 4 years ago

OK, would be worth investigating. Should not differ all that much from how it's done for the Web UI. However, it needs to be scheduled for the beginning of August, due to summer vacations.

dhoepelman commented 4 years ago

Sounds great, we'll await any news :)

dhoepelman commented 4 years ago

Any update on this?

tbroden84 commented 4 years ago

Unfortunately not yet, quite full this week but can prioritise this during next week.

dentarg commented 3 years ago

@dhoepelman We are looking into the possibility of handling certificates with custom hostnames ourselves (using Let's Encrypt), would that solve your need or would you still want to upload your own certificates?

dhoepelman commented 3 years ago

I don't work at the company that had this problem anymore, but that would indeed solve their problem since they don't need custom certificates.

NicolasMarlier commented 3 years ago

Hi @dentarg, I have the same use case as @dhoepelman. I think the solution you suggested could be a solution for me; do you have any news on the timeline? Thanks

dentarg commented 3 years ago

@NicolasMarlier Actually it is being worked on right now! Stay tuned.

NicolasMarlier commented 3 years ago

Hi, I just saw the update on the interface and it looks like it's out, very pleased about this. However, I have a custom use case: I do not have a CNAME pointing to amqp, instead the traffic is routed through a TCP router (traefik), because I need to route historical traffic from a custom port to port 5672...

What kind of traffic do you need open to perform the Let's Encrypt verification? Do you think you could check that this traffic gets routed to you instead of checking the CNAME, so that I can make it work?

Thanks a lot,

dentarg commented 3 years ago

@NicolasMarlier I'm not sure I fully understand your use-case, but if you have your own server(s) in front of your CloudAMQP RabbitMQ instance, aren't you in a position to acquire the certificate you need yourself from Let's Encrypt?

dentarg commented 3 years ago

@NicolasMarlier Are you creating many new clusters that need to listen on that custom port? If not, feel free to contact CloudAMQP support (https://www.cloudamqp.com/support.html) and request that your instance is configured to listen on that custom port. Great if you mention this thread in the ticket for additional context.