Skip to content

Latest commit

 

History

History
51 lines (35 loc) · 5.36 KB

README.md

File metadata and controls

51 lines (35 loc) · 5.36 KB

Let’s Encrypt Add-On for Automated SSL Certificates Configuration

Let’s Encrypt is a free and open Certificate Authority, that simplifies and automates processes of browser-trusted SSL certificates issuing and appliance. Using this package you can automatically install Let’s Encrypt as an add-on to your environment.

NOTE:

You have the option to install the add-on Let’s Encrypt (a service provided by Internet Security Research Group, a California (United States) Nonprofit Public Benefit Corporation) to request a trusted certificate intended to publicly vouch that you control a certain domain name or names that are reachable on the Internet. As part of the process of proving that control, Let’s Encrypt will collect various information related to certificate authentication and management. That information includes the IP addresses from which you access the Let’s Encrypt service; all resolved IP addresses for any domain names requested; server information related to any validation requests; full logs of all inbound HTTP / ACME requests, all outbound validation requests; and information sent by or inferred from your client software.

Your use of Let’s Encrypt is entirely voluntarily. By installing Let’s Encrypt, you are consenting that your information listed above will be processed as set out in Let’s Encrypt Privacy Policy. If you do not wish your information to be processed by Let’s Encrypt, do not install the add-on, and if you chose to withdraw your consent after its installation, please communicate directly with Let’s Encrypt by contacting them as indicated in their Privacy Policy.

The installation can be performed on one of the following Jelastic containers as an entry point:

  • Load Balancers - NGINX, Apache LB, HAProxy, Varnish
  • Java application servers - Tomcat, TomEE, GlassFish, Payara, Jetty
  • PHP application servers - Apache PHP, NGINX PHP
  • Ruby application servers - Apache Ruby, NGINX Ruby

If you require Let’s Encrypt SSL for any other stack, just add a load balancer in front of your application servers and install the add-on. SSL termination at load balancing level is used by default in clustered topologies.

The Let’s Encrypt add-on allows to configure SSL for:

  • internal environment address, which is composed of environment name and platform domain, to be served with a dummy (i.e. not commonly trusted) SSL certificate; this option can be used for testing purposes
  • external domain(s), each of which should be preliminarily bound to external IP of the corresponding node - either master application server instance or load balancer - via A Record or CNAME; provides trusted SSL certificates for production applications

To get deeper insights on how the Let’s Encrypt service works, refer to the official documentation.

Installation Process

Import the raw link of the add-on manifest within Jelastic PaaS dashboard or initiate the installation within Marketplace > Add-Ons.

Note: to access the dashboard you need to be registered at one of the Jelastic Public Cloud providers or have a Private Cloud installation.

In the opened confirmation window:

  • provide External Domain(s) of target environment, the possible options are:
    • leave the field blank to create a dummy SSL certificate, assigned to environment internal URL (env_name.{hoster_domain}), for being used in testing
    • insert the preliminary linked external domain(s) to get trusted certificates; if specifying multiple hostnames, separate them with either comma or semicolon

  • select the corresponding Environment name within the expandable drop-down list
  • choose a Nodes layer with your environment entry point (usually, it’s automatically detected but can be redefined manually)

Finally, click Install and wait a few minutes for the process to be completed.

For additional information on how to renew or reconfigure SSL certificates using this add-on, follow the detailed Let’s Encrypt SSL Certificates article. Take into account, the free and custom SSL certificates are provided for billing accounts only.

Try out the Let’s Encrypt SSL add-on with Jelastic Multi-Cloud PaaS for Java, PHP, Node.js, Ruby, Python, .NET, Go, Docker Swarm and Kubernetes clusters.