Back to

Well, if you need some logos, we provide these:

svg ·  png
Red Clever Cloud logo
svg ·  png
svg ·  png
White Clever Cloud logo
svg · png
White Clever Cloud logo
svg · png
Posted at January 15, 2019 — Features

Let’s Encrypt Certificates For Everyone

We have been issuing and automatically installing Let's Encrypt® certificates for a while now. The only manual thing was the trigger of this process. But today, we are glad to announce fully automated Let's Encrypt certificates for everyone!

When you add a domain — which targets Clever Cloud — to an application; it will have its own certificate a few minutes later (up to 12 minutes later).

This has been live since 2018-11-16. Hundreds of certificates have been issued since then. This has been possible thanks to Let's Encrypt, who also extended their rate limiting on their API.

How do we do this?

As explained in the previous blog post, queries to the path used by Let's Encrypt to check the ownership of the domain are routed to our Let's Encrypt integration service. This allows us to process the Let's Encrypt queries, get the certificate and give it to our certificates manager.

Here is what's new. Once a user adds a new domain, we periodically check that we can reach our Let's Encrypt integration service. When we do, we start the usual process et voilà.

What if I want another kind of certificate?

That's not a problem:

If you already have a certificate, we will not create a Let's Encrypt certificate.

How about existing domains?

Existing domains which do not yet have a certificate will all get a Let's Encrypt certificate.

This will be done over the next weeks to come. We can't do this in a single batch for two reasons:

  • Let's Encrypt rate limiting (we have extended limits but we still cannot send such a big batch all at once)
  • We need to spread this out so that we don't have a big batch of renewals every 3 months

If you don't want to wait, you can simply ask us to enable it.

Next steps

There are a few things yet to come:

  • Interface in the console to track the status of the certificates
  • Support of wildcard certificates (which will not be quite as automatic because it requires DNS validation; this will require an action from you at first)

One last thing

We are now proud sponsors of Let's Encrypt!


Check out our Blog

We write about programming, security and Clever Cloud products

Join thousands of developers already using Clever Cloud. And try it for free!

Create your account now to start your apps and collaborate within a few minutes. For free with 20€ offered.

By signing up, your agree to our terms of use
Sign in with Github