search

stackvana / hook.io

Open-Source Microservice Hosting Platform
https://hook.io
Other
1.26k stars 117 forks source link

https://hookname.hook.io invalid SSL certificate #219

Open zanona opened 8 years ago

zanona commented 8 years ago

Apparently hook.io subdomains have invalid SSL certificate attached to it? Apparently the one being used is not a wildcard?

Marak commented 8 years ago

Yeah, we need to buy a wildcard SSL cert.

I guess I could just buy one now? I should do that.

Marak commented 8 years ago

Tracking:

102

101

Marak commented 8 years ago

Duplicate #101

zanona commented 8 years ago

Thanks @Marak. I think it will be a good addition to hook.io. :+1:

Marak commented 8 years ago

I'll keep it open until I buy and deploy SSL cert.

Any suggestions from where to buy unlimited wildcard cert?

zanona commented 8 years ago

@Marak This may give you some good options :) Comodo seems a nice one

zanona commented 8 years ago

Hey @Marak, I was doing some research and found about this initiative. It might be worth checking it out. It could be a good idea to not only use it for the wildcard one but also to provide SSL for all custom domains without any additional hassle. https://letsencrypt.org

Currently, Netlify works with Let's Encrypt to provide SSL for custom domains. It seems to be great and much better than cloud flare's SNI where you have a list of other clients listed in the certificate description.

https://www.netlify.com/blog/2016/01/15/free-ssl-on-custom-domains

Marak commented 8 years ago

@zanona -

I wouldn't mind not paying for SSL certs. The wildcard from comodo is over $100

zanona commented 8 years ago

Yes, I believe this really shines over custom domains. It would add so much value to the service, since it makes a lot of sense for APIs to only accept HTTPS requests. Imagine if that can be offered with every hook. It would be crazy cool. Apparently the way it works, is by running their CLI generating the certs and validating against their server every 3 months — You could even create a hook to achieve that :).

It's seems to be very simple as long as there's control over the server it's running on. In which case, you may have :)

Marak commented 8 years ago

see:

https://github.com/Daplie/node-letsencrypt https://github.com/Daplie/letsencrypt-express

zanona commented 8 years ago

Awesomeness!!! Awesome

reimertz commented 7 years ago

any news on this?

ibrado commented 6 years ago

The good news is, next month (Jan 2018) LetsEncrypt will be releasing wildcard certificates! This could finally be closed. :smile:

Marak commented 6 years ago

That's really good news about letsencrypt issuing wildcard @ibrado

We recently switched to LE. I'll get a wildcard cert as soon as they will issue it.

Should help in getting the subdomains secured.