0

I'm setting up Let's Encrypt to issue certificates automatically. Each user will have their own subdomain so I need to create certificates in batch every so many hours to avoid LE's rate limits.

Between the time they sign up and the time their certificate is ready I want to serve their subdomain over HTTP. As long as the certificate exists, the action should be to always redirect HTTP to HTTPS. Bonus if we can check the validity of the certificate. Suggestions?

1 Answer

2

Why not make adjusting nginx part of the same script that handles the batch requests?

You could, for example, create a bit of code in a configuration management tool (e.g. Ansible) that created an HTTP-only virtual host if a given certificate was not seen, and an HTTPS virtual host when the certificate is actually available.

You could then either make your existing script call your configuration management tool at the end of its run, or even simply run your configuration management tool periodically.

Depending on what kind of service you are providing users, though, it may not be desirable to allow HTTP access (notably if it is likely the first thing they will do is to try and log on to that service).

iwaseatenbyagrue
Hi, thanks for the response. It is a viable solution, but I am attempting to avoid switching configurations around. Right now I am able to verify new domains without reloading configs, which we see as more stable. If we can't find any other way then we will probably consider this the plan B. On the note about user login, not to worry: all authenticated activity/login is on the root domain and 'service' subdomain only. These subdomains contain generated content, and the HTTPS is just for good practice and catching referrer from Google etc. – That Realtor Programmer Guy Mar 09 '17 at 14:41
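
The approach from the answer above, with the certificate validity check the question asks about, as an added example that is not part of the original thread. Assumed here and not taken from the thread: a certbot-style `live/<host>/fullchain.pem` layout, the base domain `example.com`, the webroot paths, and the function names, which are hypothetical.

```shell
#!/bin/sh
# Added example: render one nginx vhost per user subdomain.
# Assumptions: certbot-style layout under $LE_LIVE, base domain example.com,
# /var/www/acme as the HTTP-01 challenge webroot, /var/www/users/<label> as content.
LC_ALL=C
LE_LIVE=${LE_LIVE:-/etc/letsencrypt/live}
BASE_DOMAIN=${BASE_DOMAIN:-example.com}
MIN_VALID=${MIN_VALID:-86400}   # require at least one more day of validity

# Accept only a single lowercase DNS label: it is written into nginx config,
# so anything else (spaces, ';', '{', newlines) must never get through.
valid_label() {
    [ "${#1}" -le 63 ] || return 1
    case $1 in ''|-*|*-|*[!a-z0-9-]*) return 1 ;; esac
}

# True when cert and key both exist and the cert will not expire
# within the next MIN_VALID seconds.
cert_usable() {
    dir=$LE_LIVE/$1.$BASE_DOMAIN
    [ -s "$dir/fullchain.pem" ] && [ -s "$dir/privkey.pem" ] || return 1
    openssl x509 -in "$dir/fullchain.pem" -noout -checkend "$MIN_VALID" >/dev/null 2>&1
}

# Print the vhost: HTTPS plus a 301 redirect when the cert is usable,
# otherwise plain HTTP. The challenge path stays on port 80 in both cases.
render_vhost() {
    valid_label "$1" || { printf 'rejecting label: %s\n' "$1" >&2; return 2; }
    host=$1.$BASE_DOMAIN
    acme='location /.well-known/acme-challenge/ { root /var/www/acme; }'
    if cert_usable "$1"; then
        cat <<EOF
server { listen 80; server_name $host; $acme
         location / { return 301 https://\$host\$request_uri; } }
server { listen 443 ssl; server_name $host;
         ssl_certificate     $LE_LIVE/$host/fullchain.pem;
         ssl_certificate_key $LE_LIVE/$host/privkey.pem;
         root /var/www/users/$1; }
EOF
    else
        cat <<EOF
server { listen 80; server_name $host; $acme
         root /var/www/users/$1; }
EOF
    fi
}
```

Write the rendered output to a temporary file and run `nginx -t` before `nginx -s reload`, so a failed render never replaces a working configuration.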