[Jenkins-infra] [#121516] Re: repo.jenkins-ci.org certificate renewal

Kohsuke Kawaguchi kk at kohsuke.org
Tue Jan 21 17:28:36 UTC 2020 

Thanks for looking into this.

I felt like the intention behind the question wasn't understood. The point
of Let's Encrypt is the protocol and the tooling
<https://en.wikipedia.org/wiki/Let%27s_Encrypt#ACME_protocol> to completely
automate the certificate acquisition and renewal. If the hosting side (aka
JFrog) supports that, it'll completely get rid of any back and forth to
issue a CSR, purchase a certificate, and install it. This is for example
how I enabled HTTPS on my personal website <http://kohsuke.org>. I
literally had to just press one button on the admin UI of my web hosting
company. My assumption was that you guys host a lot of repositories for
various companies, who all want to access it through their own domain
names. And therefore I thought your product might already support Let's
Encrypt to simplify that process.

Given your answer, it's pretty clear you don't support that today. That's
fine. Please consider this an RFE. I'm sorry that I ended up sending you
down to a research. For me, this was a simple "does your service already
support this" question, but now I realize the disconnect.

I went ahead and acquired a new certificate. Assuming that we are not going
to rekey, here's the new certificate bundle for the same server key. If you
are going to rekey, please send me the new CSR.




On Sat, Jan 18, 2020 at 12:53 PM JFrog Support <support at jfrog.com> wrote:

> Hi Kohsuke,
>
> I've had a chance to look into Let's Encrypt, and my biggest takeaway was
> that their SSL certificates are only valid for 90 days, with no exceptions.
> Are you certain you want to have to take steps to renew your certificate
> every 2.5 months?
>
> Best regards,
> Jason Gloege
> JFrog Support
> [image: JFrog]
> <https://swampup.jfrog.com/?utm_source=Email&utm_medium=Signature&utm_campaign=swampUP_2020&utm_content=HTS_Support>
>
>
>
>
> ref:_00D20M3v0._5001r2cnsmg:ref
>


-- 
Kohsuke Kawaguchi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20200121/a46e0e60/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: repo.jenkins-ci.org.zip
Type: application/zip
Size: 6862 bytes
Desc: not available
URL: <http://lists.jenkins-ci.org/pipermail/jenkins-infra/attachments/20200121/a46e0e60/attachment.zip>

More information about the Jenkins-infra mailing list