No more paying for SSL certificates!

If someone writes an article on how to use this to get set up with Meteor SSL on Digital Ocean or a similar hosting environment, I’ll add it to the guide article on security! Right now there don’t seem to be any end-to-end resources for securing your Meteor app when running it on a custom server.

9 Likes

Just spent $100 on a wildcard SSL cert recently. Hopefully this will catch on.

Edit: This is not happening anytime in the foreseeable future, though you can explicitly provide a list of Subject Alternative Names (subdomains), and regenerate your certificate when you need to make changes.

1 Like

We’ll add this to MeteorUP as we launch mup 1.0.
Will do a blog post next week with more info.

28 Likes

Tried this one and it works without issues on Digital Ocean with mupx.

Better, of course, is to have it automated as @arunoda wrote, but even without it, it’s a relatively easy process if you have a basic understanding of it.

An important step is that Let’s Encrypt needs port 80 for validation on your server. So I had to stop the server, then request the SSL, and then restart the server.

2 Likes

Thanks for pointing out the mup stop omission! Added it in.

1 Like

Cool!

Short question: How is mup 1.0 related to mupx? Is that the same version or are there differences?

mupx is the base for mup 1.0. The config file format will be changed a bit. There will be a built-in load balancer and oplog support for the DB (and a few more things).

1 Like

Cool stuff! So as I understand it: improvements, but not really breaking changes? As in: I can still just use the command line to set up and deploy, but now it will set things up a bit differently. Correct?

It’s very similar to mupx in the backend inside the server, with some proper error messages and so on. Now we have mup.js, not a JSON file. It’s possible to convert mup.json into mup.js automatically.

2 Likes

Ok thanks for the quick input!

Once Let’s Encrypt certificates are being automatically installed for apps hosted on Galaxy (or any other Meteor host), this list of hosts that actively support Let’s Encrypt should be updated:

Web Hosting Supporting LE

You can see that there are many hosts that already automate the SSL certificate creation and installation process for their customers.

I managed to create a Let’s Encrypt certificate manually today but it was quite a pain.

1 Like

NodeChef is a Meteor host that automates the SSL certificate creation and installation process for their customers. https://www.nodechef.com/pricing

For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here are the two pull requests!

https://github.com/arunoda/meteor-up/pull/873

Thank you,
Carlos.

2 Likes

If anyone’s using Docker (MeteorD), I’ve used the following compose setup, which is quite painless. Just make sure you start nginx-proxy before letsencrypt. Using Tutum makes this process even easier :slightly_smiling:

Now that Let’s Encrypt has left beta, is there any script or tutorial that helps DevOps newbies like me to get things up and running (and auto-renewing every 60 days)?

I use mupx.

@arunoda Please give mup 1.0 some love (and free SSL). Or is the development slowed down / stopped because of Galaxy?

This thread was mentioned earlier, but might have been missed. It has step by step instructions, and should help (with both mup and mupx based installations):

At first glance this looks like I have to repeat these steps every 60 days, right?

However, I ended up buying another 3-year wildcard cert. Hopefully the last one ever :slight_smile:

1 Like

Yeah, but via cronjob you can configure an automatic renewal. I’m using Let’s Encrypt + NGINX + Meteor and it works very well :slight_smile:

If anyone wants to use Let’s Encrypt without MeteorUp, I’ve made a Let’s Encrypt Meteor package.

Makes it easy to issue and renew certs with the certbot:

letsencrypt certonly --webroot

by automatically serving the challenge responses.
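
The webroot flow in the post above only works if the app answers requests under /.well-known/acme-challenge/ with the files the client writes into the webroot. The following is an added example, not the code of the package mentioned above: a connect-style middleware (the shape Meteor's WebApp.connectHandlers accepts) that serves those files and rejects any token outside the base64url alphabet, so the handler cannot be used to read other files. The function names and the webroot path are assumptions.

```javascript
// Added example (not the package's code); function names are hypothetical.
const fs = require('fs');
const path = require('path');

const PREFIX = '/.well-known/acme-challenge/';
// ACME tokens are base64url: letters, digits, '-' and '_' only.
const TOKEN_RE = /^[A-Za-z0-9_-]+$/;

// Map a request URL to a file inside the webroot, or null when it is not a
// well-formed challenge request. Rejecting every character outside the
// base64url alphabet blocks '../' and percent-encoded traversal before any
// disk access happens.
function challengeFile(webroot, url) {
  const pathname = url.split('?')[0];
  if (!pathname.startsWith(PREFIX)) return null;
  const token = pathname.slice(PREFIX.length);
  if (!TOKEN_RE.test(token)) return null;
  return path.join(webroot, '.well-known', 'acme-challenge', token);
}

// Middleware (req, res, next): answers challenge requests, passes the rest on.
function acmeChallenge(webroot) {
  return function (req, res, next) {
    const file = challengeFile(webroot, req.url);
    if (req.method !== 'GET' || file === null) return next();
    fs.readFile(file, 'utf8', (err, body) => {
      if (err) {
        res.statusCode = 404;
        return res.end('not found');
      }
      res.statusCode = 200;
      res.setHeader('Content-Type', 'text/plain');
      res.end(body);
    });
  };
}

// In a Meteor app (webroot path is an assumption):
// WebApp.connectHandlers.use(acmeChallenge('/var/www/acme'));
```

The directory passed to the middleware must be the same one given to the client's webroot option, and port 80 has to reach this handler for validation to succeed.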