Make it easy to satisfy the Let's Encrypt challenge without changing code.

Review Request #8571 - Created Dec. 14, 2016 and submitted

David Trowbridge

Because Heroku doesn't have built-in support for Let's Encrypt, we need to
generate (and renew) the certificate in manual mode. This requires setting up a
special endpoint on the server to serve a secret so that they can verify that
we actually do own the domain that the certificate is being issued for.

So far I've done this by pushing a special build, but that's kind of icky. This
change makes it possible to do the challenge/response by changing environment
variables in the application config.

Used this while renewing the SSL certificate.

Review Bot
Barret Rennie
David Trowbridge
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to master (3e18396)
wa haha
  1. Are you sure you want to post this review?

    1. I'm not sure if you're really asking or if you're just trying to test out Review Board. If it's the latter, please use

      If you are really asking, yes, I wanted to post this. It doesn't expose any Let's Encrypt secrets, just the code that can be used to handle the challenge when properly configured via environment variables.