WebFaction
Community site: login faq
20
4

Let’s Encrypt is by early November going to be the best way for Normal People to get SSL support, both because of the practically nonexistent maintenance burden and because it’s free.

However, there’s a problem; their reference client is designed for dedicated servers and requires root, operating on port 443 directly to prove ownership of a domain. It’s not designed for an environment like WebFaction’s. It can all be run manually, but it’s not going to be the most obvious or well-documented thing, nor is it as easy as the normal approach (which misses a large part of the point of the thing). On a shared IP address (where SNI is used), I’m not certain whether it will be possible to use Let’s Encrypt at all, as a matter of fact, though I hope something could be arranged. I expect that at the least it would require special action on the part of WebFaction, in two steps (putting up the proof-of-ownership thing to port 443, then putting up the final certificate) with new certificates not being automatically generated and updated, either.

There are two approaches to sorting this out:

  1. The simple approach is to figure out instructions on how to go about setting it up, ideally condensing that down to a single script that can be run. It may still require a dedicated IP address, but I haven’t checked out what it actually serves on port 443 normally and whether it could be achieved with SNI or not. Ideally WebFaction won’t need to be involved to get each Let’s Encrypt certificate to work, but as mentioned I think it would require two steps of manual intervention.

  2. Ideally, WebFaction would instead put special support for Let’s Encrypt into the panel, which would be perfect as it would allow someone to get HTTPS with no special configuration at all—it could simply default to procuring a Let’s Encrypt certificate if “HTTPS?” is ticked, which you can then override to specify your own certificates.

With Let’s Encrypt, there’s a perfect opportunity for WebFaction to provide easy and complete basic SSL support, which would be a really good thing.

Please?

asked 15 Sep '15, 04:55

Chris%20Morgan's gravatar image

Chris Morgan
21829
accept rate: 0%

1

You definitely won't be able to do this on your own, since doing so requires access to the front-end Nginx server configuration.

(04 Nov '15, 20:27) seanf ♦♦ seanf's gravatar image

+1 for this. Let's Encrypt is the future. Their certificates are only valid for 90 days though, so allowing automated renewal will be important. Any updates on plans here?

(12 Nov '15, 15:04) hooverlunch hooverlunch's gravatar image

Please see Sean's comments below.

(12 Nov '15, 15:17) bmeyer71 ♦♦ bmeyer71's gravatar image

We used letsencrypt on one of our company-servers for the staging environment. Problem is: they hit the IP-adres, and do not use the url, so you will not be routed through to your vhost, so certificates need to be installed/handled on the server level (machine/ip-adres). I am not sure if that is even possible on webfaction: can I host a file on MY-IP/.well-known without using dns.url lookup. If not, if webfaction wants to support letsencrypt, they will have to provide some infrastructure/tools to allow that. E.g. enable it from our dashboard. Thoughts?

(16 Dec '15, 15:16) nathanvda nathanvda's gravatar image

@nathanvda - no, you can't serve a site or file directly from an IP address on our service.

When/if we roll out installation tools for certificates, including Let's Encrypt, it will most likely be done via our control panel.

(16 Dec '15, 18:54) seanf ♦♦ seanf's gravatar image

Thanks @seanf, any update on a possible timeframe?

(21 Dec '15, 13:31) nathanvda nathanvda's gravatar image

There has been no decision made one way or the other to implement Let's Encrypt. As Sean mentioned we would announce any support or changes to the way our certificates are implemented on our blog and social media.

We still can install SSL Certificates manually. Please open a support ticket if you need a certificate installed.

(21 Dec '15, 13:57) aaront ♦♦ aaront's gravatar image
showing 5 of 7 show 2 more comments

It seems like no one had mentionned yet the LetsEncrypt utility client for WebFaction hosts.

I used it to install a Let's Encrypt certificate for my website and it worked like a charm. Just don't forget to enable the encyption in the Webfaction control panel: Websites > Security > Encrypted website (https)

permanent link

answered 17 Apr '16, 10:44

postrel's gravatar image

postrel
7112
accept rate: 0%

True, thanks for mentioning. But you still need to manually contact webfaction to update your certificates every 90 days.

(17 Apr '16, 10:45) lorenz lorenz's gravatar image

Actually, I think you can set up a cron job, and the client should post a ticket automatically. At least, it posts a ticket when you run it manually.

(17 Apr '16, 10:51) dimitari ♦♦ dimitari's gravatar image

Do you need to buy a public IP in order to do this?

(17 Apr '16, 19:07) Alejandro Mo... Alejandro%20Morales%20Tapia's gravatar image

No, since WebFaction uses Server Name Indication (SNI) for HTTPS sites. This generally means you will not need a static IP Address for most websites unless you are supporting an older web browser or operating system that does not support SNI.

(18 Apr '16, 18:56) aaront ♦♦ aaront's gravatar image

I just tried this and it worked amazingly well, and this kind of stuff never seems to work for me...

(15 Feb, 14:39) JohnGoren JohnGoren's gravatar image

Thank you for providing feedback, however at this time Let's Encrypt has not even been released. We are certainly aware of the project and will continue to wait on it to be generally available.

permanent link

answered 15 Sep '15, 11:33

aaront's gravatar image

aaront ♦♦
6204
accept rate: 26%

Let's Encrypt announced "December 3, 2015 our systems will be open to anyone who would like to request a certificate". Is that when we can expect an update from webfaction? I'm personally very excited for this TLS revolution and would love to hear if webfaction will support it.

(16 Nov '15, 03:35) ubershmekel ubershmekel's gravatar image

As far as I am aware, that date is for the public beta release. As Sean mentioned below, we are aware of this exciting new service and will make updates when necessary (no ETA, nor confirmation). Thank you again for showing interest!

(16 Nov '15, 05:37) NickR ♦♦ NickR's gravatar image

Example of a hosting provider going out of their way to support Let’s Encrypt: https://www.dreamhost.com/blog/2015/12/03/lets-encrypt-and-dreamhost/. It’d be great if WebFaction would think about doing it now that it is generally available.

(15 Dec '15, 23:22) Chris Morgan Chris%20Morgan's gravatar image
1

Any updates? -I know I repeat other users but today Let's encrypt officially left beta status: https://letsencrypt.org/2016/04/12/leaving-beta-new-sponsors.html

(12 Apr '16, 17:42) lorenz lorenz's gravatar image

Let's Encrypt just started issuing its first certificates for Beta testers, and I ran into the issue Chris mentioned above. Now that we're close to the public release date, do you all have more information about this? Do you have a roadmap or a timeline?

Thanks!

permanent link

answered 04 Nov '15, 17:03

jeherve's gravatar image

jeherve
312
accept rate: 0%

We have no new information and no public roadmap at this time. If that changes, we'll be sure to announce it in our blog and social media channels.

(04 Nov '15, 20:24) seanf ♦♦ seanf's gravatar image

Note that we can still install certificates manually, if you can give us the certificate and key files. Just open a support ticket to request it.

(04 Nov '15, 20:26) seanf ♦♦ seanf's gravatar image

Let's Encrypt had huge buzz from the beginning and is only getting more popular. They've already improved the install system with the new Certbot - https://certbot.eff.org/ - but it's a system that is really meant to be automated. Webfaction's current policy of a support member physically renewing every ssl cert is a pretty big speed bump to that system, and I hope the team is looking at a way to improve the current system. I heard C-panel will also support Let's Encrypt within a few months. This may be the new standard for SSL, so I hope you guys make it a priority at Webfaction.

permanent link

answered 15 May '16, 01:43

peteleidy's gravatar image

peteleidy
333
accept rate: 0%

We don't have any specific details available or ETA just yet, but rest assured that implementation is already underway on improving the SSL certificate installation procedures.

(15 May '16, 02:10) ryans ♦♦ ryans's gravatar image

We're one step closer to having full support for Let's Encrypt via our control panel. As of today, you can now manage SSL certificates with the control panel without needing to open a support ticket!

permanent link

answered 19 Sep '16, 15:47

seanf's gravatar image

seanf ♦♦
11.1k21131
accept rate: 37%

This is really great news. Thanks for all the effort you're all putting in!

Could I make a small suggestion for improvement?

Under Domains > SSL Certificates, the three columns "Name", "Valid for" and "Valid until" don't wrap, so we can't see the full details (unless we open an inspector and reduce the font).

Could you make it so that hovering will show the relevant text? (By adding a title="..." tag to the divs.)

Alternatively you could simply let the text wrap (with CSS white-space: normal; on the relevant divs). Or leave the main screen as-is and instead spell out the details in full once the row is clicked and the cert details are displayed.

Looking forward to the API, so it can all be automated at our end too :-)

(22 Sep '16, 19:54) JustAnotherW... JustAnotherWebFactionUser's gravatar image
1

We have a ticket open with development to improve the layout of that page now.

(22 Sep '16, 20:16) maryh ♦♦ maryh's gravatar image

Thanks maryh!

(23 Sep '16, 17:49) JustAnotherW... JustAnotherWebFactionUser's gravatar image

I see in your control panel method to manage classic certs (CSR issue, upload cert), but not support for let's encrypt which requires special integration via API or their client, and does not work via manual CSR or files? Even if I use their CLI client and get the certs, then these expire every 2 months and are not meant for manual maintenance. Do I miss here something?

(27 Sep '16, 06:14) jaakl jaakl's gravatar image

You didn't miss anything -- that's correct. We have plans to fully integrate LetsEncrypt so that you can actually issue and apply certificates from the Control Panel, which will alleviate that problem.

For now, we've implemented the first step, which is allowing users to manage SSL certificates in the Control Panel directly. LetsEncrypt integration is coming afterward.

(27 Sep '16, 08:23) ryans ♦♦ ryans's gravatar image

I would like to bump this feature request as well. Any news?

permanent link

answered 12 Nov '16, 18:01

jshaver's gravatar image

jshaver
313
accept rate: 0%

Hi there Webfaction staff!

Last year 2016 was a successful year for Let's Encrypt. It's been quite a while since it's not beta anymore, major players are supporting it and Webfaction is not there yet!

I'm a proud Webfaction customers because of your developer-oriented approach, and it hurts that we're still lagging behind other webhosting companies that have fully supported Let's encrypt since the beginning. More than technical challenges, it would seem that lack of commitment might be an issue on your side, since even third-party tools made by other great Webfaction customers are already available.

It seems that you must be already working diligently on this, as per your previous comments. However, I kindly request you to speed up your efforts and give this initiative more priority so we all can enjoy the benefits of a more secure web.

Thank you for your otherwise top-notch service! Looking forward to your public announcements on Let's Encrypt support in the very near future :)

permanent link

answered 12 Jan, 09:36

teks's gravatar image

teks
21115
accept rate: 0%

Any updates so far? It would be really really nice if this was made easy. Without opening support tickets every month.

permanent link

answered 17 Mar '16, 10:51

sythe's gravatar image

sythe
212
accept rate: 0%

We have no new information and no public roadmap at this time. If that changes, we'll be sure to announce it in our blog and social media channels.

(17 Mar '16, 15:51) seanf ♦♦ seanf's gravatar image

This is a hot topic and I though I'd share another tool with fellow WebFactioneers to help setup Let's Encrypt that I ran across:

https://www.hiawatha-webserver.org/weblog/110

Hope this helps.

permanent link

answered 26 Apr '16, 12:13

makareim's gravatar image

makareim
212
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×75
×12

question asked: 15 Sep '15, 04:55

question was seen: 8,164 times

last updated: 15 Feb, 14:39

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2017 PARAGON INTERNET GROUP LIMITED - WEBFACTION IS A SERVICE OF PARAGON INTERNET GROUP LIMITED
REGISTERED IN ENGLAND AND WALES 7573953 - VAT REGISTRATION NUMBER 182147021
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM