Automatic TLS is now a thing

We are rolling out new automatic TLS infrastructure that does not require members to set up or maintain anything. This means that, for new sites, aliases will get TLS automatically within a few minutes after they are set up and working. This works transparently with all site types, including custom processes and proxies. It doesn’t cost anything, you don’t have to do anything to set it up, and you don’t have to do anything to renew it.

Existing sites that we can detect to be using tls-setup.sh will be migrated to this setup over the next few weeks. That process is completely transparent, and our system attempts to disable the tls-setup.sh scheduled task once it is complete. Once that’s done, we’ll start adding automatic TLS to other existing sites. Our goal is to have TLS available on all aliases of all sites hosted here by the end of June. We will be monitoring the rollout and taking steps to improve the diagnostics and reporting.

This doesn’t affect the ability of sites to be accessed via HTTP, although we (continue to) strongly discourage that.

If this has been enabled for your site, you’ll see the 🔁 emoji next to aliases other than the permanent .nfshost.com alias in the Site Names & Aliases panel on your Site Information panel in the Member Interface.

Our special thanks to Let’s Encrypt, whose service provider integration makes this possible.

8 Comments


  1. I was wondering why I saw that icon on one of my sites when I looked today.

    Comment by MiquelFire — May 11, 2024

  2. That’s awesome, thank you!!

    Comment by Andrew Guyton — May 11, 2024

  3. Very cool! Thank you so much.

    I imagine that the service provider integration also involves Let’s Encrypt waiving their individual Terms & Conditions signoff that they would normally require each user to do (besides any technical integration).

    Comment by Tim McCormack — May 11, 2024

  4. That’s correct. That requirement was why we didn’t think we could do this, but it turns out that they’re happy to allow us to do that as long as we’re the ones holding the private keys. -jdw

    Comment by jdw — May 11, 2024

  5. Deployed a new site with domain’s DNS still pointing at old host. Set up content, then switched over DNS.

    Automatic TLS didn’t set up correctly because DNS was wrong. Now that it’s correct, I see no way to retry. Guess I just wait.

    Doesn’t this present a problem for anyone attempting a fast cutover between hosting providers?

    Comment by bendodge — May 17, 2024

  6. It waits for DNS to be set up correctly before trying in the first place, then retries fairly aggressively (with exponential backoff) if needed. Much more so than tls-setup.sh did.

    However, we are also still working through the weird edge cases you get when reality doesn’t match the OT&E, and that occasionally leads to delays until we figure it out. That’s likely what you experienced. -jdw

    Comment by jdw — May 17, 2024
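The wait-for-DNS-then-retry behaviour described in the reply above, as an added illustration that is not NearlyFreeSpeech.NET's code: issuance is only attempted once every address the alias resolves to belongs to the host (a mixed answer during a cutover counts as not ready), and failed attempts are retried on a capped exponential schedule. The resolver, issuer and sleep functions are injected so the logic can be exercised offline; `system_resolve` is a hypothetical default built on `socket.getaddrinfo`.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Optional, Tuple

Resolver = Callable[[str], List[str]]


def system_resolve(name: str) -> List[str]:
    """Resolve a hostname to its addresses with the system resolver (assumed default)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


def alias_points_here(alias: str, our_addrs: Iterable[str], resolve: Resolver) -> bool:
    """True only when every address the alias resolves to is one of ours.
    A mixed answer (old host still present) counts as not ready: a validation
    request could reach the old host and the attempt would be wasted."""
    try:
        answers = [ipaddress.ip_address(a) for a in resolve(alias)]
        ours = {ipaddress.ip_address(a) for a in our_addrs}
    except (OSError, ValueError):      # lookup failed or unparseable answer
        return False
    return bool(answers) and all(a in ours for a in answers)


def backoff_schedule(base: float = 60.0, factor: float = 2.0,
                     cap: float = 6 * 3600.0, attempts: int = 8) -> List[float]:
    """Seconds to wait after each failed attempt: 60, 120, 240, ... capped at cap."""
    return [min(cap, base * factor ** i) for i in range(attempts)]


def issue_with_retry(alias: str, our_addrs: Iterable[str], resolve: Resolver,
                     issue: Callable[[str], bool], sleep: Callable[[float], None],
                     dns_poll: float = 60.0, dns_polls: int = 5,
                     schedule: Optional[List[float]] = None) -> Tuple[bool, int]:
    """Poll DNS until the alias points here, then call issue(alias) with backoff.
    Returns (succeeded, issuance_attempts); (False, 0) means DNS never matched."""
    schedule = backoff_schedule() if schedule is None else schedule
    our_addrs = list(our_addrs)
    for _ in range(dns_polls):
        if alias_points_here(alias, our_addrs, resolve):
            break
        sleep(dns_poll)                # DNS not ready yet: no issuance attempt at all
    else:
        return False, 0
    for attempt, delay in enumerate(schedule, start=1):
        if issue(alias):
            return True, attempt
        sleep(delay)                   # failed: back off before the next try
    return False, len(schedule)
```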

  7. Well look at that. 😉 Niiice! (And sorry for the hassle in the support forums.)

    Comment by gellenburg — May 18, 2024

  8. Thank you!!! Great feature

    Comment by venteria — May 29, 2024


Powered by WordPress. Hosted by NearlyFreeSpeech.NET.