I have searched through a number of past issues and I don't think this question has been asked yet (specifically). Threads of ref are: #1995 #4225
Here is the breakdown from my side:
With #1995 and https://flynn.io/docs/apps#https , do I need to generate a Let's Encrypt certificate manually so that I can secure: subdomain.mydomain.com > https://subdomain.mydomain.com ?
If YES, can anyone explain the basic steps of doing this (as I am unsure if HTTPS should be done for both subdomain.mydomain.com && [subdomain].[xxxx].flynnhub.com) ?
PS. _I understand that there exists multitudes of resources on how to certify a domain/subdomain (with Let's Encrypt) regularly, but the question above is for the Flynn-specific use-case_
If you want user to be able to access your application on your custom domain you need to add a route to Flynn for subdomain.mydomain.com
. You also need to create or order an SSL certificate, for instance from Let's Encrypt, using GetSSL is an easy way to do that. Once you have the signed certifcate you update the route with the cert and key. You could also easily write a post-order script to install that certificate to your route in Flynn you created.
@bbaptist
What path did you use for this:
# ACL=('/var/www/subdomain.mysite.org/web/.well-known/acme-challenge')
# 'ssh:server5:/var/www/subdomain.mysite.org/web/.well-known/acme-challenge'
# 'ssh:sshuserid@server5:/var/www/subdomain.mysite.org/web/.well-known/acme-challenge'
# 'ftp:ftpuserid:ftppassword:subdomain.mysite.org:/web/.well-known/acme-challenge')
?
So for anyone needing (free) SSL for your flynn site, here are my instructions for doing so:
Install certbot-auto: https://certbot.eff.org/docs/install.html#certbot-auto
Validate your domain/subdomain with the different options certbot offers (DNS validation is quite easy)
Once validated, you will get a fullchain.pem
file and a privkey.pem
file
You may need to cat
and save those files somewhere
Run the following command:
flynn route update http/[route-ID] --tls-cert=fullchain.pem --tls-key=privkey.pem
Success!
@Kentoseth I've done exactly as said here. I have a fullchain (consist of 3 different certificates) and privatekey and a certificate file. I used fullchain.pem and privkey.pem in this case. it says:
validation_error: Certificate invalid: tls: failed to find any PEM data in key input
service provider gave me these: x.509, intermediate certificate, root certificate
there are no docs on what is needed for route update for SSL.
Most helpful comment
So for anyone needing (free) SSL for your flynn site, here are my instructions for doing so:
Install certbot-auto:
https://certbot.eff.org/docs/install.html#certbot-auto
Validate your domain/subdomain with the different options certbot offers (DNS validation is quite easy)
Once validated, you will get a
fullchain.pem
file and aprivkey.pem
fileYou may need to
cat
and save those files somewhereRun the following command:
Success!