configure SSL #66
Comments
👍 E.g. uses vanilla herokuapp.com certificate |
I suspect we'll want SSL not only for serving up images (to avoid GitHub's caching), but also for any sort of Rails backend for statistics, etc. if that requires authentication? |
@nathany Indeed. With StartSSL we get unlimited certs, so that shouldn't be a problem. |
Firefox can be a little more picky than Chrome, as discovered recently here. So we'll have to double check it. https://sslcheck.globalsign.com looks like a useful tool. |
Considering the issues seen without using SSL badges/buckler#27, it would be great to be able to offer piggybacking on our (wildcard) HTTPS cert to badge services like @fjcaetano's cocoapod-badges and @kura's pypipins. What still needs to be done to get this set up? @whit537 @seanlinsley |
Another tool to ensure SSL is set up correctly: https://www.ssllabs.com/ssltest/. |
Yes @whit537, what does need to be done? 🐱 |
My service is thankfully covered by a free SSL certificate from GlobalSign for being an open source project so SSL is a non-issue to me. I would suggest you guys contact them though, they offer free wildcard certs for open source projects. |
I have an account at https://www.startssl.com/ and am planning to get a cert from there (they're free once you're verified, which Gittip is). Unfortunately their site is down right now. :-/ |
That is, I'm getting a connection timeout. |
Blech. Their site is still down, no answer on Twitter. Starting to feel like StartSSL is dead in the water. :-( |
@nathany Looks like our Public Domain license is not a license after all: http://opensource.org/faq#public-domain I'm ok to switch to an MIT license in order to be able to apply for this. Should I put my name on the copyright since we don't really have an organization at this time? |
+1 MIT and GlobalSign. Perhaps "(c) Olivier Lacan and Contributors"? |
Did you try CC0? (Should I have a LICENSE file in the project?) |
Option 1: StartSSL is working again, but in order to validate the domain with them we need one of these email addresses configured: If we can do that, the cert is free. Option 2: We can probably convince GlobalSign that we're an open source project if we change our license, but in general I don't like depending on handouts. We're trying to find a new business model here, we're not running a charity. Option 3: We can buy a cert from somewhere else. GlobalSign is $250, I've used DigiCert before for $200, RapidSSL is $50. Any other favorites/advice? |
Keep an eye on GoDaddy, I got a two-year cert for about $7 once |
@olivierlacan is using DNSimple for the domain, so if we're paying for an SSL cert, it might make sense to use DNSimple for that as well. https://dnsimple.com/pricing RapidSSL certificates from GeoTrust for $20/year or wildcard certs for $100/year. If we're using Heroku for hosting, their fee for using the SSL cert is the more significant cost. https://addons.heroku.com/ssl |
Or is SSL even that important with #111? |
@whit537 Let's say Option 1. I just checked, CC0 is absolutely acceptable. (As a result, @olivierlacan, I have received a StartSSL campaign code that can be used to get the certificate: do you want me to give it to you? Through which channel?) |
I've verified the shields.io domain with StartSSL (@olivierlacan was kind enough to share DNS admin privileges with me; I configured MX for Google Apps and set up a hostmaster@ address that routes to me, which is the domain verification mechanism provided by StartSSL). Tomorrow I should be able to get us a certificate and install it at Heroku for img.shields.io. |
I've provisioned the SSL endpoint. I've emailed StartSSL offering to answer any questions. Once I have the certificate I'll add it to our endpoint and make the DNS change. |
Received an email that the certificate has been issued. Now the StartSSL website is "over capacity." 😢 |
@whit537 Good work! ☺ |
@whit537 We only got the wildcard SSL I'm guessing, right? That explains why https://shields.io shows this: I feel like we should have the root under SSL. I want to add a section about SSL to the homepage somewhere since some people want to avoid mixed content warnings when using badges. Makes sense @espadrine? |
Something to say that, yeah, the root domain doesn't have SSL, but they can totally use HTTPS for badges? Makes sense! |
I've noticed that some wildcard certs (GoDaddy in our case, but also DNSimple afaik) do support a bare domain, which we have been using on Heroku. |
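The wildcard-versus-root-domain behaviour discussed in the last few comments, as an added example that is not part of the original thread or the project's code: a wildcard SAN stands for exactly one left-most label, so `*.shields.io` covers `img.shields.io` but not `shields.io` unless the bare domain is listed as its own SAN. The certificate dicts below are constructed sample data and the function names are hypothetical.

```python
"""Which hostnames does a certificate's SAN list cover? (RFC 6125-style rules)"""


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one DNS SAN entry against one hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard stands for exactly one label: never zero (the bare
        # domain) and never several (a.img.shields.io).
        return False
    if p[0] == "*":
        if len(p) < 3:
            return False  # refuse over-broad patterns such as "*.io"
        return bool(h[0]) and p[1:] == h[1:]
    if "*" in pattern:
        # Partial-label or non-leftmost wildcards are rejected here,
        # as modern clients do.
        return False
    return p == h


def dns_sans(cert: dict) -> list:
    """Extract DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def coverage(cert: dict, hostnames) -> dict:
    """Map each hostname to True/False: is it covered by the cert's SANs?"""
    sans = dns_sans(cert)
    return {host: any(san_matches(s, host) for s in sans) for host in hostnames}


# Constructed sample data (not real certificates).
WILDCARD_ONLY = {"subjectAltName": (("DNS", "*.shields.io"),)}
WILDCARD_PLUS_APEX = {
    "subjectAltName": (("DNS", "*.shields.io"), ("DNS", "shields.io")),
}
HOSTS = ["img.shields.io", "shields.io", "a.img.shields.io"]

if __name__ == "__main__":
    for name, cert in (("wildcard only", WILDCARD_ONLY),
                       ("wildcard + bare domain", WILDCARD_PLUS_APEX)):
        print(name, coverage(cert, HOSTS))
```

For a live endpoint, a dict of the same shape comes from `ssl.SSLSocket.getpeercert()` after a verified handshake.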
Reticketing from #52.