Expedited SSL, a Heroku ‘add-on’, offers SSL on a sub-domain as well as on the primary domain. It would be nice to hand all the configuration / maintenance off to them.
Alternatively, should I simply purchase Expedited SSL for the Heroku hosted primary domain and a Discourse team SSL certificate for the sub-domain? (And sort out the configuration myself.)
Kane - Thanks; however, I’m trying to avoid that ‘learning curve.’ My Discourse instance was set up and is maintained by your team (the $100 / month plan). I’m also using Cloudflare which now offers Universal SSL for free. I’m not sufficiently experienced to understand how the pieces fit together. I’m just trying to (a) follow best practices and (b) add OAuth for SSO.
I am not following @DKH. Are you basically trying to cut the SSL cost here? You can proxy Discourse but there are concerns and complex configurations you need to follow; I would not recommend it.
@sam, cost isn’t the issue. Complexity is. I’m a relatively new developer. Expedited SSL offers to handle everything after initial set-up, including sub-domains and SSL certificate rotation (as a Heroku ‘add-on’). You - Discourse.org - also offer SSL and so, too, does Cloudflare. I’m trying to determine the best way forward. My priority is ‘delegation’, not cost. Thanks
If you want SSL, and are already hosted with us, the best way forward is to purchase a cert and have us take care of it. We then take on dealing with all the annoying config issues.
@sam - Expedited SSL through Heroku as an add-on. We’re (eventually) going to be getting personal information on the primary website and taking payments. I’m risk-averse and want someone with experience managing this.
Having read through the article about Expedited SSL, this is most likely not what you want at all.
The intention of the addon is to set up your Heroku-hosted application for SSL; it’s not a generic tool to build valid certificates. In fact, the article mentions that if the addon is removed, the SSL certificate is erased, which leads me to the interpretation that you never get access to the certificate’s private key – transferring this certificate to a non-Heroku server, such as your Digital Ocean droplet, would be flat out impossible.
We do not sell SSL certificates; you must purchase one from a third party. I strongly recommend you contract somebody technical to help you out here as many of the questions are very confused. As long as you have the ability to validate the CSR we send you, we do not care who your SSL provider is.
@sam Here’s Expedited SSL’s reply to the initial question I asked both of you:
There’s nothing special about a certificate that ties it to just a single host - but in order to accomplish what you’re looking for here, you’d need to purchase our wildcard plan ($79/mo) - and we’d then export the cert for you to manually install on Digital Ocean or wherever else you might need it.
That being the case I think you’d be much better off just using our single plan and then getting a separate certificate from Discourse for your forum.
Now I know what to do: Expedited SSL on the primary website, purchase a separate certificate per your recommendation for my ‘community.’