[Feature Request] Automatic SSL/TLS certificates for Object Storage ("Let's Encrypt")
I was pleasantly surprised to discover that Linode now supports custom SSL/TLS certificates for Object Storage, however this still requires manually obtaining and deploying a certificate to use.
It would be fantastic if Linode provided the option of automatically provisioning certificates via Let's Encrypt.
While it is possible to manually configure Let's Encrypt certificates, they typically require renewal every 90 days. This could certainly be automated using the Linode API, but it seems like it would be a useful feature for many users.
Thanks!
[Edit] If anyone is interested, I've written a small ACME client for provisioning Let's Encrypt certificiates on Linode Object Storage: https://github.com/dcoles/acme-linode-objectstorage
12 Replies
Hi @dcoles
We appreciate you taking the time out to provide us with this feedback and feature request. I've passed this information along to our team to review, and have added your feature request to our internal tracker. While I cannot comment on if or when this feature will be implemented, we do take our customers feedback seriously, and are always looking for ways to improve our customers experience on our platform.
If anyone is interested, I've written a small ACME client for provisioning Let's Encrypt certificiates on Linode Object Storage: https://github.com/dcoles/acme-linode-objectstorage
Do we have any updates on this feature request? It will be best if this can be implemented the soonest time.
Thanks everyone for adding your voices to this feature request. We don't have an update to provide at this time, but I'll make sure to add each of your requests to our internal tracker.
@dcoles I am facing issue with upload images to object storage and I think it is because of certificate. Please check this post: https://www.linode.com/community/questions/21684/hostnameip-does-not-match-certificates-altnames-host
I tried what you mentioned in readme file here: https://github.com/dcoles/acme-linode-objectstorage
py -m acme_linode_objectstorage -k account_key.pem mybucket-Name --cluster region --agree-to-terms-of-service
I tried above command but it is saying no matching bucket found any idea why so? What am I missing?
+1 for me too
It would be extremely helpful for us if we could automatically upload our SSL cert for our object bucket. Right now I have to remember to do it before our LetsEncrypt cert expires---and as it is I tend to get reminded just after expiry rather than before…
It is possible now to update object storage certs programatically. The API supports it:
Create an API token.
Delete the old cert pair: https://techdocs.akamai.com/linode-api/reference/delete-object-storage-ssl
Post the new cert pair: https://techdocs.akamai.com/linode-api/reference/post-object-storage-ssl
I used curl to do this in a shell script, which I'm having cron run once per quarter after certbot renews my letsencrypt cert.
@uckelman Yes, that's one of the APIs I use in acme-linode-objectstorage tool.