Closed jreadey closed 6 years ago
craig-willis
commented
6 years ago @jreadey Yes. The system uses letsencrypt, but is currently talking to the staging instance, which generates a fake intermediate certificate. When the overall configuration is finalized, we'll move to use the production endpoint.
craig-willis
commented
6 years ago I've updated the instance to use the production API for letsencrypt, which means no more certificate warnings. I'll update the docs, but this was a bit more painful than expected. It should have simply required changing the LEGO_URL from https://acme-staging.api.letsencrypt.org/directory to https://acme-v01.api.letsencrypt.org/directory and upgrading the helm chart -- or at most deleting and re-installing. In the end, there was a straggling secret that needed to be deleted (per https://github.com/jetstack/kube-lego/issues/82).
rsignell-usgs
commented
6 years ago 
Secure it is! 🍾
It's a bit awkward going to https://esiphub.data.org the first time since Chrome complains the site is insecure.
Are there plans to install a certificate at this endpoint?