13

Is there any integration for Let's Encrypt in OpenShift (or, is this planned)? Let's encrypt are going to issue certs that expire in 90 days[1] -- and a big part of their plan is to have automation setups via people who use their certs so that they're always updated with new certs. Given this, some integration from OpenShift would be necessary.

Thanks,

[1] https://letsencrypt.org/2015/11/09/why-90-days.html

gopher
  • 129
  • 7
  • This question would be more appropriate on the [OpenShift github](https://github.com/openshift/). Find the relevant project and post a issue. – Phil Ricketts Dec 01 '15 at 16:56

1 Answers1

11

Currently, the ability to automate ssl certificate renewals and installation on OpenShift Online is not possible because the ssl certificates are stored at the node level, and ssl connections are terminated by the node level proxy (Reference this). If you would like to see it included in future versions, you should vote here and get people to vote on it. It's possible that you could automate it locally somewhat (or build a module to do it) by using the OpenShift Online API. Another suggestion would be to get a free ssl certificate from StartSSL that lasts for a year and install it either using the command line, or the web console.

schnatterer
  • 7,525
  • 7
  • 61
  • 80
  • 3
    There is a suggestion on uservoice already BTW: https://openshift.uservoice.com/forums/258655-ideas/suggestions/10666368-provide-free-ssl-certificates-through-let-s-encry – dst Dec 12 '15 at 08:30
  • Links are down. Any news on this? – Rotareti Nov 21 '17 at 11:48
  • I think the answer and links were for Openshift online v2, which has been sunset. For the kubernetes-based Openshift online v3, see https://github.com/tnozicka/openshift-acme/issues/28 and maybe https://github.com/jetstack/cert-manager. Note free plan currently doesn't allow custom domain routes, paid Pro plan does. – Beni Cherniavsky-Paskin Aug 09 '18 at 08:41