Closed jreadey closed 6 years ago
@jreadey Yes. The system uses letsencrypt, but is currently talking to the staging instance, which generates a fake intermediate certificate. When the overall configuration is finalized, we'll move to use the production endpoint.
I've updated the instance to use the production API for letsencrypt, which means no more certificate warnings. I'll update the docs, but this was a bit more painful than expected. It should have simply required changing the LEGO_URL from https://acme-staging.api.letsencrypt.org/directory to https://acme-v01.api.letsencrypt.org/directory and upgrading the helm chart -- or at most deleting and re-installing. In the end, there was a straggling secret that needed to be deleted (per https://github.com/jetstack/kube-lego/issues/82).
Secure it is! 🍾
It's a bit awkward going to https://esiphub.data.org the first time since Chrome complains the site is insecure.
Are there plans to install a certificate at this endpoint?