Changelog

Managed HTTPS Endpoints

Thomas Orozco on August 4, 2016

Earlier this week, we released Managed HTTPS Endpoints. These endpoints have a few key benefits:

  1. Your SSL/TLS certificate is free (!)
  2. Aptible handles generating the initial certificate
  3. Aptible handles renewing the certificate

All you need to get started with a Managed HTTPS Endpoint is a domain name! No more ops headaches trying to generate CSRs, keep private keys and certs straight, or deal with inconveniently-timed renewals.

Under the hood, Managed HTTPS uses Let’s Encrypt to automatically provision certificates for you. Aptible customers requested this feature, and we are proud to contribute to the global movement towards 100% HTTPS.

How it works

'Create a New Endpoint' view

Setting up a Managed HTTPS Endpoint is a 3-step process:

  1. Add an Endpoint to your app, and choose Managed HTTPS as the endpoint type. You will need to provide the domain name you intend to use with your app (e.g. www.myapp.com). Aptible will use that name to provision a certificate via Let’s Encrypt.

  2. When you create the endpoint, Aptible will provide you with an endpoint address. Use your DNS provider to create a CNAME from your domain (www.myapp.com) to this endpoint address (something like elb-1234.aptible.in).

  3. Back in the Aptible Dashboard, confirm that you created the CNAME. Aptible will automatically provision your certificate, and you’re in business!

Note that between steps 2 and 3, your app won’t be available because you need to set up the CNAME before Aptible can provision the certificate. This isn’t ideal if you are migrating an app from somewhere else. Fortunately, you can just provide a transitional certificate that Aptible will use until your new Let’s Encrypt certificate is available. If you need to add a new certificate for this, just select the “Certificates” tab under your main environment view.

Once your endpoint is up and running done, we recommend you review our instructions for customizing SSL, in order to redirect end-users to HTTPS and disable the use of weaker cipher suites, which will earn the much-coveted A+ grade on Qualys’ SSL Test!

Qualys SSL Test results

Why use Managed HTTPS?

Above all else, Managed HTTPS brings you simplicity and peace of mind:

  • Setup is greatly simplified: all you need is a domain name. No need to generate your own certificate signing request, deal with a CA, or upload your certificate and key to Aptible.
  • Maintenance is essentially eliminated: you won’t need to remember to renew a certificate ever again.
  • Oh, and did we mention it’s free?

Enjoy! As usual, let us know if you have any feedback.