Inside Gratipay

This is Gratipay's internal company portal. First time here? Welcome! Start at the top. :-)

Install a TLS Certificate

Our certificate vendor is Let's Encrypt, and Heroku has wonderful integration to provide certificate renewal automatically. We're able to take advantage of that for and For our domains hosted at MaxCDN, the process is more manual, using the certbot command-line tool.


Install certbot locally, then run it in the certs directory of an Inside Gratipay repo checkout, with the provided configuration file:

git clone
cd certs
certbot certonly -c

You'll have to agree to having your IP address publicly logged, and then you'll be prompted to verify ownership of the domains via dns-01 challenges (http-01 isn't even possible with MaxCDN). Update the relevant DNS records in DNSimple, and await verification.

You should end up with one cert, which we will use with both domains. Login toA MaxCDN (creds are in 1Password). Go to Account > SSL and edit the one certificate you find there, pasting in values copied from the files you find under tmp/archive:

Once you're done, rm -rf tmp to clear out sensitive files from your laptop.

Table of Contents