Install a TLS Certificate
Our certificate vendor is Let's Encrypt, and Heroku
to provide certificate renewal automatically. We're able to take advantage of
grtp.co. For our domains hosted at MaxCDN, the
process is more manual, using the
certbot command-line tool.
Install certbot locally, then run it in the
certs directory of an Inside
Gratipay repo checkout, with the provided configuration:
    git clone email@example.com:gratipay/inside.gratipay.com.git
    cd inside.gratipay.com/certs
    certbot certonly -c assets.gratipay.com.ini
You'll have to agree to having your IP address publicly logged, and then you'll
be prompted to verify ownership of the domains via DNS
(http-01 isn't even possible with MaxCDN). Update the relevant DNS records in
DNSimple, and await verification.
You should end up with one cert to use for both domains. Log in to
MaxCDN (creds are in 1Password). Go to Account > SSL
and edit the one certificate you find there, pasting in values copied from the
files you find under
cert1.pem → SSL Certificate (Cert)
privkey1.pem → SSL Key
fullchain.pem → Certificate Authority (CA) Bundle
Once you're done, run
rm -rf tmp to clear out sensitive files from your laptop.
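
A pre-upload check for the files listed above, as an added example that is not part of the original page or the Gratipay repo: it confirms that cert1.pem and privkey1.pem belong together, that the certificate has not expired, and that it lists both domains. It assumes the openssl CLI is installed, the function names are hypothetical, and it has to run before the rm -rf tmp cleanup.

```shell
#!/bin/sh
# Added example: sanity-check certbot output before pasting it into the CDN.
# Function names are hypothetical; only standard openssl subcommands are used.
# Invocation (paths and domains are yours): sh check.sh CERT KEY DOMAIN...

# Succeeds only when the certificate and the private key share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate lists exactly this DNS name as a SAN.
# Wildcard entries are not expanded; the comparison is literal.
cert_covers() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "DNS:$2"
}

# Usage: check_cert_bundle CERT KEY DOMAIN...
# Reports every failed check and returns non-zero if any check failed.
check_cert_bundle() {
    cert=$1; key=$2; shift 2
    rc=0
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi
    for name in "$@"; do
        if ! cert_covers "$cert" "$name"; then
            echo "FAIL: $cert does not list $name"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Run the checks only when a cert, a key and at least one domain are given.
if [ "$#" -ge 3 ]; then
    check_cert_bundle "$@"
fi
```
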