Currently it's quite hard to deploy Let's Encrypt for servers which are not yet used by the DNS. This happens, for example, when migrating stuff from a different company or from platform.sh/heroku/etc. to separate servers set up by wundertools.
It would be much easier if certificates were requested just in time from Let's Encrypt.
Luckily there's an nginx Lua module which can be hooked into the nginx TLS handshake and used to request and handle the Let's Encrypt challenge:
https://github.com/GUI/lua-resty-auto-ssl
I would recommend that we do all HTTPS deployments like this. The certificates can also be stored in Redis so we can have multiple machines sitting in the load balancer layer.
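
A sketch of the setup proposed above, added here as an example and not taken from the issue or from the wundertools code base: an OpenResty configuration using lua-resty-auto-ssl with the Redis storage adapter and an `allow_domain` allowlist, so that certificates are only requested for hostnames the deployment actually serves. The hostnames, the Redis address and the fallback certificate paths are assumptions.

```nginx
# Added example; hostnames, Redis address and file paths are assumptions.
events { worker_connections 1024; }

http {
  lua_shared_dict auto_ssl 1m;
  lua_shared_dict auto_ssl_settings 64k;
  resolver 8.8.8.8 ipv6=off;

  init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()

    -- Only request certificates for hostnames we actually serve.
    local allowed = { ["example.com"] = true, ["www.example.com"] = true }
    auto_ssl:set("allow_domain", function(domain)
      return allowed[domain] == true
    end)

    -- Shared storage so every load balancer node sees the same certificates.
    auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
    auto_ssl:set("redis", { host = "10.0.0.10" })

    auto_ssl:init()
  }
  init_worker_by_lua_block { auto_ssl:init_worker() }

  server {
    listen 443 ssl;
    # Looks up or requests the certificate during the TLS handshake.
    ssl_certificate_by_lua_block { auto_ssl:ssl_certificate() }
    # Static fallback certificate; nginx requires one to start.
    ssl_certificate     /etc/ssl/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
  }

  server {
    listen 80;
    # Answers the Let's Encrypt HTTP challenge.
    location /.well-known/acme-challenge/ {
      content_by_lua_block { auto_ssl:challenge_server() }
    }
  }

  server {
    # Internal hook endpoint; keep it bound to loopback.
    listen 127.0.0.1:8999;
    client_body_buffer_size 128k;
    client_max_body_size 128k;
    location / { content_by_lua_block { auto_ssl:hook_server() } }
  }
}
```

An `allow_domain` function that returns `true` for every name lets anyone who points a hostname at the server trigger certificate requests, which can exhaust Let's Encrypt rate limits; the allowlist avoids that.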