Add Let's Encrypt automation to OD server
Ensuring certificates for the OD server are up to date is a little annoying. It would be awesome if the OD server could support renewing its own hosting certificate with Let's Encrypt.
I've had a stab at creating custom steps to do this. The main issue is domain validation (DV). DNS validation often requires manual intervention and OD server controls http (see discussion at https://community.letsencrypt.org/t/domain-validation/26512 ).
The only way I see this really progressing forward is if OD server supports Let's Encrypt in the server as a maintenance task as it would be able to respond to http DV requests. It could then get the new certificate issued after successful http DV and update its https binding to use the new certificate.
I would also like to have the same thumbprint configured in the registry of the server for RDP access. An option to support this as part of the certificate renewal would be great.
This has been released with Octopus 3.15. See our blog post for more information – https://octopus.com/blog/octopus-release-3-15.
Aaron Roydhouse commented
The Let's Encrypt module is great but it is missing from Octopus Cloud 2019.5.9
We can’t assign our own CNAME due to the Let’s Encrypt module being missing. It is ok for internal use, but if we want Tenants to have access to see what we’ve deployed for them, then we would want to use octopus.mycompany.com not mycompany123.octopus.app.
Seems minor, but do you guys use firstname.lastname@example.org as your public email address for customers? Nope, and we don’t want to either :-)
Please add back the excellent Let’s Encrypt module in Octopus Cloud and route port 80 or just .well-known/acme-challenge/ to the relevant instance. Customers can create their own CNAME record, and we are back in our happy place / domain.