ssl-certificatecloud-foundrypcfpcfdev

How to configure custom domain lets encrypt certificates on pivotal cloud foundry


Thanks for your help in advance.

I have deployed a NodeJs app in Pivotal Cloud Foundry (dev.appname.cfapps.io). I have a Load Balancer running on Digital Ocean and Let's encrypt certs are configured here for my custom domain (appname.com). So only the API calls are sent to NodeJS app through Load Balancer, website and other subdomain visits are redirected to another hosting provider.

Now I configured NodeJs app to link to my custom domain (dev.api.appname.com) and configured proxy pass from Digital Ocean to dev.appname.cfapps.io. Now if I open dev.api.appname.com in a browser, the browser is showing unsecured since the certificates are different from DigitalOcean and PCF app.

I used SSL app in PCF marketplace to upload certs and it worked fine. But it costs $20 per month. Can any one suggest how I can upload Let's Encrypt certificates to PCF app my self without using external plugins?


Solution

  • You're using the cfapps.io, so you're talking about Pivotal Web Services not PCF (PCF is what you host, PWS is hosted by Pivotal).

    Anyway, on PWS you have three options for TLS to your app.

    I'm not sure I totally understand your set up, but you have a load balancer so if all of your clients are talking to the load balancer then you can simply use the cfapps.io domain behind the load balancer. This domain requires no extra set up and its free. Then your traffic will be encrypted/secure between your LB & your app on PWS, plus your clients won't see what is happening behind that's all behind the load balancer.

    You really only need the CloudFlare/Pivotal SSL Service options if you have HTTPS clients talking directly to your service on PWS & you don't want them to see the cfapps.io domain. This would allow you to use a custom domain.

    Hope that helps!