Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to manage Let's Encrypt certificate for non-Drupal site? #1677

Open
ar-jan opened this issue Oct 2, 2022 · 5 comments
Open

How to manage Let's Encrypt certificate for non-Drupal site? #1677

ar-jan opened this issue Oct 2, 2022 · 5 comments
Labels
status - needs work type - feature request

Comments

@ar-jan
Copy link
Contributor

ar-jan commented Oct 2, 2022

I recall seeing a workaround mentioned that allowed to have BOA manage creation of a Let's Encrypt certificate for a custom, non-Drupal site. Something like creating a dummy website via Aegir and then renaming vhosts, or something like that. I can´t find this anymore, any pointers?
@reswild
Copy link
Contributor

reswild commented Apr 11, 2023

You might be thinking about this recipe: #790 (comment)

I have used it on a few sites, and it works well enough, although it is a bit wasteful to spin up a whole Drupal site just to manage a SSL certificate, so I have been thinking I should find a better way of doing this.

@omega8cc
Copy link
Owner

We have plans for this feature once support for Grav CMS will be officially added.

@g33k-g1rl
Copy link

g33k-g1rl commented Jun 15, 2024
edited
Loading

I'm a new Aegir convert here. I so appreciate what you have done with creating BOA! Is there any update for how to manage SSL certificates for non-drupal websites outside of BOA?

I'm familiar with doing this with Aegir and Apache2 in Debian stable.

@g33k-g1rl
Copy link

I was doing an upgrade and noticed adminer was installed. It exists outside of the aegir config in /var/www/

I went to adminer and it gives me an SSL warning. I checked the vhost file for adminer and this is what I found:

ssl_dhparam /etc/ssl/private/nginx-wild-ssl.dhp;
ssl_certificate /etc/ssl/private/nginx-wild-ssl.crt;
ssl_certificate_key /etc/ssl/private/nginx-wild-ssl.key;

How do I enable SSL for adminer?

@omega8cc
Copy link
Owner

Using self-signed wildcard certificates was the trick we have used for years before Let’s Encrypt and continued to use for both Aegir Master instance and SQL manager, also by default not enabling it on the Octopus instance.

Initially it was required because it was easy to hit LE limits and get stuck with sites certificates updates.

These days some browsers no longer even allow to easily accept a self-signed certificate, plus LE offers good limits, so we plan to add LE support for all parts of the BOA system and with the addition of easy hosting for Grav CMS and other non-Drupal sites we will offer LE automation also outside of Aegir on BOA.

We already have the backend part ready and actually used by Aegir and BOA automation for years, we just need to add both automation and command line tools to make it easy for non-Drupal sites.

Sent with GitHawk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status - needs work type - feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@omega8cc @ar-jan @reswild @g33k-g1rl