If:
the hostname is a valid FQDN (check method to be confirmed), and not an IP address
https access to Let's Encrypt is available (and there's no SSL-breaking proxy; make sure certs are valid based on locally allowed CA certs)
Option -e CERTBOT=1 is passed
Then:
use certbot to generate the key and signing request and get the LE cert
Set nginx config to redirect all http requests (except the /well-known/ for certbot verification) to https
Check that this works with existing clients (after upgrading ssm-client to v5) after pre-existing server is upgraded to https.
ssm-clients should update their own configuration to use https when they detect that their http requests to the server are being redirected to https.
When we pass:
we can infer the hostname.
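
One way to implement the three precondition checks listed above as a container entrypoint helper. This is an added example, not ssm-server code: the function names, the return codes and the use of curl against the Let's Encrypt ACME directory URL are assumptions, and CERTBOT is read as the environment variable set by `-e CERTBOT=1`.

```shell
#!/bin/sh
# Added example (not project code). All function names are hypothetical.

# Succeeds only for a fully qualified DNS name: no IPv4/IPv6 literal, at least
# two labels, each 1-63 chars of [A-Za-z0-9-] without a leading or trailing
# hyphen, total length <= 253.
is_valid_fqdn() {
    name=${1%.}                        # tolerate one trailing root dot
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *:*) return 1 ;;               # IPv6 literal
        *[!A-Za-z0-9.-]*) return 1 ;;  # character not allowed in a hostname
        .*|*..*) return 1 ;;           # empty label
        *.*) ;;                        # two or more labels
        *) return 1 ;;                 # single label such as "localhost"
    esac
    case ${name##*.} in
        *[!0-9]*) ;;                   # last label has a non-digit: a name
        *) return 1 ;;                 # all-numeric (or empty): IPv4 literal
    esac
    old_ifs=$IFS; IFS=.
    set -- $name                       # split into labels (safe: charset checked)
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# Succeeds when the ACME directory answers over HTTPS with a certificate that
# validates against the local CA store. curl verifies by default, so a
# TLS-intercepting proxy presenting an untrusted CA makes this fail.
can_reach_letsencrypt() {
    curl --silent --fail --max-time 10 --output /dev/null \
        https://acme-v02.api.letsencrypt.org/directory
}

# Return codes (assumed convention): 0 = proceed with certbot,
# 1 = CERTBOT=1 not passed, 2 = hostname unusable, 3 = no trusted HTTPS path.
certbot_preflight() {
    [ "${CERTBOT:-0}" = "1" ] || return 1
    is_valid_fqdn "$1" || return 2
    can_reach_letsencrypt || return 3
}
```

The entrypoint would call `certbot_preflight "$hostname"` and only run certbot and switch nginx to the https redirect when it returns 0; any other code keeps the server on plain http.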