Summary

Make it easy to satisfy the Let's Encrypt challenge without changing code.

Review Request #8571 — Created Dec. 14, 2016 and submitted Dec. 16, 2016, 11:59 a.m.

Information

Owner

david

Repository

student-sonar

Branch

master

Bugs

Depends On

Commit

2717b78...

Reviewers

Groups

student-sonar

People

Description

Because Heroku doesn't have built-in support for Let's Encrypt, we need to
generate (and renew) the certificate in manual mode. This requires setting up a
special endpoint on the server to serve a secret so that they can verify that
we actually do own the domain that the certificate is being issued for.

So far I've done this by pushing a special build, but that's kind of icky. This
change makes it possible to do the challenge/response by changing environment
variables in the application config.

Testing Done

Used this while renewing the SSL certificate.

Tool: Pyflakes
Ignored Files:
    lib/config.js
    lib/routes.js



Tool: PEP8 Style Checker
Ignored Files:
    lib/config.js
    lib/routes.js

Ship it!

```
Ship It!
```

Status: Closed (submitted)

Change Summary:

Pushed to master (3e18396)

Are you sure you want to post this review?

david March 17, 2017, 9:45 p.m.

I'm not sure if you're really asking or if you're just trying to test out Review Board. If it's the latter, please use https://demo.reviewboard.org.

If you are really asking, yes, I wanted to post this. It doesn't expose any Let's Encrypt secrets, just the code that can be used to handle the challenge when properly configured via environment variables.