This repository has been archived by the owner on Sep 25, 2019. It is now read-only.

Renew/change SSL Cert #91

Closed
Splaktar opened this issue Jun 13, 2016 · 11 comments

Splaktar commented Jun 13, 2016

Cert expires on 9/4/2016.

GoDaddy Standard SSL Renewal 
hub.gdgx.io
Renew By: 8/3/2016
Term:  1 Year 
Total: $69.99

We got a free 1 year cert from GoDaddy for being an open-source project. We may be able to renew it for free.

But we should probably just switch over to https://letsencrypt.org/.

@Splaktar Splaktar self-assigned this Jun 13, 2016
@aktravelling

Makes sense to me; I have had good experience with letsencrypt. GoDaddy isn't alone in offering a one-year free cert; Gandi, my preferred provider, also offers the one year, but I found letsencrypt at least as good.

@tasomaniac

I actually heard about letsencrypt a couple of days ago in a comic strip. :)
I think we can try it as long as it is easy.

Also, I used Cloudflare to have HTTPS. That was super easy. The free version just secures the traffic between the user and the Cloudflare server. And between Cloudflare and our server it is unprotected.

On Tue, Jun 14, 2016, 17:46 Ann-Katrin B wrote:

> Makes sense to me, I have had good experience with letsencrypt. GoDaddy
> isn't alone with offering a one year free cert, gandi, my preferred
> provider, also offers the one year but I found letsencrypt at least as
> good.




Splaktar commented Jun 26, 2016

Tried LetsEncrypt and it didn't go as smoothly as everyone I've heard has said. Plus the certs have to be renewed every 90 days. The problems were mostly due to GCE and the LB configuration being a pain in the ass. More here: gdg-x/firefly#97 (comment)


Splaktar commented Sep 5, 2016

This certificate is now expired and now that Firefly is HTTPS, this breaks the entire Firefly app because it is calling insecure APIs. 😢


Splaktar commented Sep 6, 2016

Signed up for a free open source SSL cert from GlobalSign. Waiting on them to approve it.


Splaktar commented Sep 7, 2016

They said that they would send me the certification via email 'shortly' about 6 hours ago. Nothing yet.


Splaktar commented Sep 8, 2016

GlobalSign is still delaying sending me the certificate after saying that it would be sent 'shortly' yesterday. I emailed them today and they said that they would expedite the process but gave no indication of when it would be complete.

I took a look at @aktravelling's suggestion of Gandi, but they have the same offer as GoDaddy, free for 1 year, then you have to pay. So we would be right back in the same place in 12 months.


Splaktar commented Sep 8, 2016

Robert Jacob suggested looking into https://github.com/hlandau/acme. It looks a lot better than the existing, official Let's Encrypt clients. Still have to figure out how to use it with the GCE Load Balancer or App Engine Flexible Environment though.


Splaktar commented Sep 8, 2016

Jacques Supcik suggested looking at https://startssl.com as well. He mentioned that he couldn't find any GCE API or blog posts to solve the issue of not being able to automate certificate renewal on GCP with the GCE Load Balancer.


Splaktar commented Sep 9, 2016

This issue is open for tracking GCP support for Let's Encrypt and ACME.


Splaktar commented Sep 9, 2016

OK, it’s finally done. Had to use openssl to convert keys to PEM, since StartSSL gave me another format and different openssl commands that didn’t work for GCP.
Both hub and firefly are back in working / secure form!
