let's encrypt juju controllers no longer work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Francesco Banconi | ||
2.3 |
Won't Fix
|
High
|
Unassigned |
Bug Description
Per https:/
In order to correct this @frankban has updated jujushell to move to the http challenge type and can see the related changes in the recent commit history here:
https:/
Juju also needs these updates in order to restore the functionality of having a valid DNS name on a self-hosted controller such that the GUI and the API are available over the let's encrypt ssl cert.
Changed in juju: | |
milestone: | 2.3.3 → none |
Changed in juju: | |
status: | Fix Committed → Fix Released |
To support this, we would need to expose port 80 and have a mux that can respond to the http challenge that Lets Encrypt is now generating.
We would also need to expose port 80 for controller machines.
If we are going to do that, we should probably also give a redirect from http:80 to https:17070 for all other requests on port 80, which gives a nice user experience when they do have their own DNS names. Then it redirects them to the GUI on the right port.