Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider changing to CloudFlare SSL #169

Open
benrfairless opened this issue Oct 9, 2024 · 1 comment
Open

Consider changing to CloudFlare SSL #169

benrfairless opened this issue Oct 9, 2024 · 1 comment
Labels
enhancement righttoknow.org.au

Comments

@benrfairless
Copy link
Member

Suggestion from user below:

I see that you use Let's Encrypt for the websites SSL certificate, which requires renewing every 90 days. As you are aware, this causes brief outages.

I would recommend using CloudFlare's SSL certificates, as they auto renew. It is completely free. There is a reason almost 20% of the entire internet use CloudFlare's services (most of them on the free plan).

--
Source: https://mail.missiveapp.com/#team_unassigned/8555ecd2-4304-41e5-ab2d-17e392eab5df_team_unassigned/conversations/301b878a-33f3-4d29-b93b-bf15d5ec4e57
@benrfairless benrfairless mentioned this issue Oct 10, 2024
Open
@benrfairless
Copy link
Member Author

In order for this to work, we would need to:

  • Order a Universal SSL from Cloudflare
  • Update DNS to proxy the DNS traffic through Cloudflare
  • Follow the process here to create and install the Origin CA Certificate on the RTK server
  • Change the SSL/TLS Mode to Full (strict).
  • Remove certbot and LetsEncrypt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement righttoknow.org.au
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@benrfairless