Flynn: Clarity on SSL-support (Let's Encrypt/third-party) for custom domain

Created on 5 Sep 2017  ·  4 Comments  ·  Source: flynn/flynn

I have searched through a number of past issues and I don't think this question has been asked yet (specifically). Threads of ref are: #1995 #4225

Here is the breakdown from my side:

  1. I am running a website at a generic-route like: https://[subdomain].[xxxx].flynnhub.com
  2. I have followed the instructions here: https://flynn.io/docs/apps#custom-domains and added my own: subdomain.mydomain.com
  3. Once this propagates, I will be able to visit: subdomain.mydomain.com , but if I have not added the generated-cert to my test-browsers (or if other users visit the custom domain or even the regular domain at 1) above, they will get errors for an invalid cert)

With #1995 and https://flynn.io/docs/apps#https , do I need to generate a Let's Encrypt certificate manually so that I can secure: subdomain.mydomain.com > https://subdomain.mydomain.com ?

If YES, can anyone explain the basic steps of doing this (as I am unsure if HTTPS should be done for both subdomain.mydomain.com && [subdomain].[xxxx].flynnhub.com) ?

PS. _I understand that there exists multitudes of resources on how to certify a domain/subdomain (with Let's Encrypt) regularly, but the question above is for the Flynn-specific use-case_

All 4 comments

If you want users to be able to access your application on your custom domain, you need to add a route to Flynn for subdomain.mydomain.com. You also need to create or order an SSL certificate, for instance from Let's Encrypt; using GetSSL is an easy way to do that. Once you have the signed certificate, you update the route with the cert and key. You could also easily write a post-order script to install that certificate to the route you created in Flynn.

@bbaptist

What path did you use for this:

```
# ACL=('/var/www/subdomain.mysite.org/web/.well-known/acme-challenge')
#     'ssh:server5:/var/www/subdomain.mysite.org/web/.well-known/acme-challenge'
#     'ssh:sshuserid@server5:/var/www/subdomain.mysite.org/web/.well-known/acme-challenge'
#     'ftp:ftpuserid:ftppassword:subdomain.mysite.org:/web/.well-known/acme-challenge')
```

?

So for anyone needing (free) SSL for your flynn site, here are my instructions for doing so:

  1. Install certbot-auto: https://certbot.eff.org/docs/install.html#certbot-auto

  2. Validate your domain/subdomain with the different options certbot offers (DNS validation is quite easy)

  3. Once validated, you will get a fullchain.pem file and a privkey.pem file

  4. You may need to cat and save those files somewhere

  5. Run the following command:

```
flynn route update http/[route-ID] --tls-cert=fullchain.pem --tls-key=privkey.pem
```

Success!

@Kentoseth I've done exactly as said here. I have a fullchain (consisting of 3 different certificates), a private key and a certificate file. I used fullchain.pem and privkey.pem in this case. It says:
validation_error: Certificate invalid: tls: failed to find any PEM data in key input

The service provider gave me these: x.509, intermediate certificate, root certificate

There are no docs on what is needed for route update for SSL.
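The error quoted in the last comment says the key input held no PEM block at all. The following pre-flight check is an added example, not part of the thread and not Flynn's own code; it inspects the two files passed to `--tls-cert` and `--tls-key` before the route is updated. The script name, function names and sample values are assumptions made for illustration.

```python
import re
import ssl
import sys

# One PEM block: label, then body (which may start with RFC 1421 headers).
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed placeholders: correct PEM framing, body is NOT real key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"


def pem_blocks(text):
    """Return [(label, is_encrypted)] for every PEM block in text."""
    return [(label, label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body)
            for label, body in PEM_RE.findall(text)]


def preflight(cert_text, key_text):
    """List structural problems in the cert and key inputs; empty list means OK."""
    problems = []
    certs, keys = pem_blocks(cert_text), pem_blocks(key_text)
    if not any(label == "CERTIFICATE" for label, _ in certs):
        problems.append("cert input: no CERTIFICATE block")
    if any(label.endswith("PRIVATE KEY") for label, _ in certs):
        problems.append("cert input: contains a private key")
    if not keys:
        problems.append("key input: no PEM data (empty, DER-encoded or wrong file?)")
    elif not any(label.endswith("PRIVATE KEY") for label, _ in keys):
        problems.append("key input: no PRIVATE KEY block, found: "
                        + ", ".join(label for label, _ in keys))
    if any(encrypted for _, encrypted in keys):
        problems.append("key input: private key is passphrase-protected")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:  # no files given: demo on the constructed samples
        print(preflight(SAMPLE_CERT, SAMPLE_KEY), preflight(SAMPLE_CERT, ""))
        sys.exit(0)
    cert_path, key_path = sys.argv[1:]
    texts = [open(p, errors="replace").read() for p in (cert_path, key_path)]
    problems = preflight(*texts)
    if not problems:
        try:  # OpenSSL rejects a key that does not match the first certificate
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert_path, key_path)
        except ssl.SSLError as exc:
            problems.append(f"OpenSSL rejected the cert/key pair: {exc}")
    print("\n".join(problems) or "OK: PEM inputs look usable")
    sys.exit(1 if problems else 0)
```

Run it as `python3 preflight.py fullchain.pem privkey.pem`; a non-zero exit status means the files should be fixed before they are handed to `flynn route update`.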
