No more paying for SSL certificates!


#1

https://letsencrypt.org/

Let’s Encrypt is now in public beta as of yesterday! I gave it a go and it worked great. I’m eager to see how this will affect the SSL cartel. :wink:


#2

Darn I just bought one the other day :laughing:

There’s also a good podcast here:

http://softwareengineeringdaily.com/2015/11/30/lets-encrypt-with-josh-aas/


#3

Detailed installation instructions can be found here: https://letsencrypt.readthedocs.org/en/latest/


#4

If someone writes an article for how to use this to get setup with Meteor SSL on Digital Ocean or a similar hosting environment, I’ll add it to the guide article on security! Right now there don’t seem to be any end-to-end resources for securing your Meteor app when running it on a custom server.


#5

Just spent $100 on a wildcard SSL cert recently. Hopefully this will catch on.

Edit: This is not happening anytime in the foreseeable future, though you can explicitly provide a list of Subject Alliterative Names (subdomains), and regenerate your certificate when you need to make changes.


#6

We’ll add this to MeteorUP as we launch mup 1.0.
Will do a blog post next week with more info.


#7

tried this one and it works without issues on digital ocean with mupx.

Better off course is to have it automated as @arunoda wrote but even without it’s a relatively easy process if you have a basic understanding of it.

Step which is important is that lets encrypt needs port 80 for validation on your server. So I had to stop the server. Then request the SSL and then restart the server.


#8

Thanks for pointing out the mup stop omission! Added it in.


#9

Cool!

Short question: How is mup 1.0 related to mupx? Is that the same version or are there differences?


#10

mupx is the base for mup 1.0. Config file format will be changed a bit. They will be a built in load balancer and oplog support for the DB. (and few more stuff)


#11

Cool stuff! So as I understand improvements but not really breaking changes? As in: I can still just use the command line to setup and deploy, but now it will setup things a bit different. Correct?


#12

It’s very much similar to mupx in the backend inside the server with some proper error messages and so on. Now we’ve mup.js not a json file. It’s possible to convert mup.json into mup.js automatically.


#13

Ok thanks for the quick input!


#14

Once Let’s Encrypt certificates are being automatically installed for apps hosted on Galaxy (or any other Meteor host), this list of hosts that actively support Let’s Encrypt should be updated:

Web Hosting Supporting LE

You can see that there are many hosts that already automate the SSL certificate creation and installation process for their customers.

I managed to create a Let’s Encrypt certificate manually today but it was quite a pain.


#16

NodeChef is a Meteor host that automates the SSL certificate creation and installation process for their customers. https://www.nodechef.com/pricing


#17

For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here the two pull requests!

https://github.com/arunoda/meteor-up/pull/873

Thank you,
Carlos.


#18

If anyone’s using Docker (MeteorD), I’ve used the following compose setup, which is quite painless. Just make sure you start nginx-proxy before letsencrypt. Using Tutum makes this process even easier :slightly_smiling:


#19

Now that Let’s Encrypt has left beta.

Is there any script or tutorial that helps DevOps newbies like me to get things up and running (and auto renewing every 60 days)?

I use mupx.


#20

@arunoda Please give mup 1.0 some love (and free SSL). Or is the development slowed down / stopped because of Galaxy?


#21

This thread was mentioned earlier, but might have been missed. It has step by step instructions, and should help (with both mup and mupx based installations):