Thank you! That’s good to know.
Hi, We did a little research on what’s really going under the hood in this process in the hope of adding seamless letsencrypt integration to next version of Meteor Up.
Read more about it on this Kadira Voice post
Interesting post!
It might be good to think about what kind of certificate you will need for production apps and which ones are just fine for testing. If you want a production app you might want to invest in for example organization validation. For testing the downtime of a short moment is not really a real issue likely.
I have a question about local force-ssl though…
Yes, in browser I could use http://localhost:3000 , but when developing mobile stuff, I’d like to connect my iPhone from local WIFI, say http://192.168.1.102:3000 , with force-ssl, that would always redirect to https://localhost …
Is there a workaround?
Thanks so much @energistic !! For me there were 2 key additional steps / notes:
2 key missing steps:
- set
ROOT_URL
tohttps
- run
mup setup
(thenmup deploy
)
I found these here:
If I am using mupx which uses .key and .crt files instead of a .pem, any suggestions how to get this working when the certificates spit out .pem files?
@AndreasGalster One thing you can try is to create two separate files with .key and .crt extension, and copy the certificate parts and key parts inside the .pem file in to these two files and use it in mupx.
I tried that but it broke my server. It uploaded the site but then when redirecting to the SSL site it didn’t work.
I think I used this before for the crt file:
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
from http://stackoverflow.com/questions/13732826/convert-pem-to-crt-and-key
For the private key I can’t remember if I just renamed it or tried something from this stackoverflow question:
This would be awesome!
Especially because letsencrypt requires a downtime of the Meteor server to check if the domain is in your property, which it does on port 80. This is not a big issue on the first certificate creation, where you typically have your server in production yet. But if you’re extending your certificate afterwards (e.g. I did so to get an additional cert for my staging server), any downtime is not desirable. It would be perfect if mupx could keep that downtime at least as short as possible.
You can use .pem with mupx, I did not have any problems with that. Just make sure you’re using the fullchain .pem as the cert, and the private key .pem as the key.
You are right! Both .pem and .crt/.key work.
The issue seems to be that a long time ago I first tried to set up with mup before doing it with mupx since mup wasn’t working. MUP created an opt/something folder, which is no longer used in mupx. mup has a known issue when deploying certificates with that folder available. The solution for me was to simply create a new app with a new appName, which creates a new docker container I guess. An alternative solution is to get rid of that specific opt folder, which I couldn’t find though, which is why I simply used a new appName in my mup.json file
Don’t forget to stop the old app before starting and deploying a new app.
I’m having problems having this to work with together with the meteorhacks:cluster package.
does anyone managed to get this working?
If using the browzer-policy package does one need to add extra exceptions?
thanks
For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here the two pull requests!
https://github.com/arunoda/meteor-up/pull/873
Thank you,
Carlos.
As I couldn’t make it work with stud, I end up using Nginx for that. It seems to be working fine now.
I guess I should switch to mupx which uses Nginx anyway.
Hello, I’m using this more nginx to proxy the meteor port to the port 80/443.
There are any way to remove nginx ? I can’t run meteor on port 80 because I have a few apps runing on the same server, that why I need nginx.
thanks
Humberto
Do you have any cronjob sample for this?