Custom domain SSL certificate: auto-renewal support - Mendix Forum

Custom domain SSL certificate: auto-renewal support

84

We currently host three environments on mendixcloud.com, all of which have custom domains set up with SSL/TLS certificates. It would be a great help to have the ability to automatically renew these certificates prior to expiration.

Our certs are from LetsEncrypt.org which uses their ACMEv2 API (https://letsencrypt.org/docs/client-options/) to allow for automatic domain verification and certificate renewal.  This is supported via a large number of clients as shown in the above link, although primarily for unmanaged IIS or Exchange servers.

Since mendixcloud.com is a managed host, the common ways of using these client tools are not available to us.

However, we have other custom domains pointing to managed resources in Microsoft Azure which allow custom automation scripts to update these SSL certificates.  It would be a great feature to have similar functionality built into our custom domains and sites hosted here with Mendix.

 

Thanks!

Ed

asked
11 answers

SSL certificate update automation for custom domains is a must. I would say it's a deal breaker for choosing a low-code solution. So, if any Mendix member of staff is reading this, here's my vote in favor of automated SSL certificate updates (via Letsencrypt, etc...)

 

My idea for now is to use a Letsencrypt updater docker (e.g. https://hub.docker.com/r/jonasal/nginx-certbot) which will serve as a proxy and will forward the traffic to mendix's domain. I wonder if it's going to work well...

Created

Also - are these forums moderated by mendix official staff? I can't see any feedback in this thread that looks official :/

Created

Hi,

 

Are there any updates here? Is everyone still manually renewing their certificates for custom domains in each application environment in Mendix?

 

Anyone hosting a good number of applications will have a lot of manual repetitive tasks with this, with a high chance of human error and interruptions to their environment. We foresee the need for 30 applications as part of a digital platform we are creating. Others in this community may even have a lot more... Automating these tasks is a basic operational need these days, with certificates on a 30 / 90 day cycle being quite common.

 

We're also currently using Azure Key vaults and pipelines. Does Mendix plan to integrate with azure for this, or provide their own solution to this problem?

 

Would be great to get some offiicial mendix feedback or any information about this being on a roadmap.

 

Cheers!

 

Gareth

Created

Absolutely essential with the 90 day - and possibly later 30 day - renewal period coming up.

Created

Any update on this topic?

Created

Great idea. Should be on the roadmap soon. 

Created

Great idea ;-)!!!

Created

Interesting that this same suggestion was made 5 years ago (https://forum.mendix.com/link/ideas/398), but was closed because “good idea, but we are not adding it to the roadmap yet” and then seemingly forgotten.

Created

Either providing a service similar to Certbot or allowing new certificates to be added/configured via an API would be great. Failing all that, allowing certificates to be shared between environments (we have a wildcard) would be an improvement over having to copy/paste the same certificate multiple times.

Created

Would be nice if there would be some action on this part. It is a very annoying manual process...

Created

Definitely a must! Configuring an SSL certificate manually is like the stone age 😉

Created