Let’s Encrypt Certificates For Everyone

We have been issuing and automatically installing Let's Encrypt® certificates for a while now. The only manual thing was the trigger of this process. But today, we are glad to announce fully automated Let's Encrypt certificates for everyone!

When you add a domain — which targets Clever Cloud — to an application; it will have its own certificate a few minutes later (up to 12 minutes later).

This has been live since 2018-11-16. Hundreds of certificates have been issued since then. This has been possible thanks to Let's Encrypt, who also extended their rate limiting on their API.

How do we do this?

As explained in the previous blog post, queries to the path used by Let's Encrypt to check the ownership of the domain are routed to our Let's Encrypt integration service. This allows us to process the Let's Encrypt queries, get the certificate and give it to our certificates manager.

Here is what's new. Once a user adds a new domain, we periodically check that we can reach our Let's Encrypt integration service. When we do, we start the usual process et voilà.

What if I want another kind of certificate?

That's not a problem:

If you already have a certificate, we will not create a Let's Encrypt certificate.

How about existing domains?

Existing domains which do not yet have a certificate will all get a Let's Encrypt certificate.

This will be done over the next weeks to come. We can't do this in a single batch for two reasons:

  • Let's Encrypt rate limiting (we have extended limits but we still cannot send such a big batch all at once)
  • We need to spread this out so that we don't have a big batch of renewals every 3 months

If you don't want to wait, you can simply ask us to enable it.

Next steps

There are a few things yet to come:

  • Interface in the console to track the status of the certificates
  • Support of wildcard certificates (which will not be quite as automatic because it requires DNS validation; this will require an action from you at first)

One last thing

We are now proud sponsors of Let's Encrypt!

Blog

À lire également

Deploy Brinjel on Clever Cloud

Brinjel is an open-source field management software designed for market gardeners, helping them plan seasons, track harvests, and optimize agricultural production. Created by and for market gardeners, it emphasizes an intuitive interface and features tailored to real-world needs.
Company

Simplify the management of Clever Cloud services via Kubernetes with our new operator

For the past two years, we've been enabling our customers to combine the ease of deployment of Clever Cloud with an existing Kubernetes infrastructure through an operator.
Engineering

Keycloak as a Service: identity management without the complexity

Ensuring identification and access management (IAM) in an application is a challenge that is as strategic as it is complex. But beyond the initial configuration, it is the maintenance, updates and supervision of the solution that most mobilise your teams. What if you could concentrate on your applications... while a managed solution took care of the rest?
Company