Make it easy to satisfy the Let's Encrypt challenge without changing code.

Review Request #8571 — Created Dec. 14, 2016 and submitted

Information

student-sonar
master
2717b78...

Reviewers

Because Heroku doesn't have built-in support for Let's Encrypt, we need to
generate (and renew) the certificate in manual mode. This requires setting up a
special endpoint on the server to serve a secret so that they can verify that
we actually do own the domain that the certificate is being issued for.

So far I've done this by pushing a special build, but that's kind of icky. This
change makes it possible to do the challenge/response by changing environment
variables in the application config.

Used this while renewing the SSL certificate.

reviewbot
  1. Tool: Pyflakes
    Ignored Files:
        lib/config.js
        lib/routes.js
    
    
    
    Tool: PEP8 Style Checker
    Ignored Files:
        lib/config.js
        lib/routes.js
    
    
  2. 
      
brennie
  1. Ship It!
  2. 
      
david
Review request changed
Status:
Completed
Change Summary:
Pushed to master (3e18396)
SW
  1. Are you sure you want to post this review?

    1. I'm not sure if you're really asking or if you're just trying to test out Review Board. If it's the latter, please use https://demo.reviewboard.org.

      If you are really asking, yes, I wanted to post this. It doesn't expose any Let's Encrypt secrets, just the code that can be used to handle the challenge when properly configured via environment variables.

  2.