@amyphillips staging, .com, and preprod all use certificates generated by sslmate. We could do something similar for the ref environment but it would be nice to have something in place that would auto-renew.
@jarv could you please clarify how to get access to sslmate and what should be done to issue a new certificate?
Their documentation mentions auto-renewal. Do you know if GitLab's account has auto-renewal on by default? If it does, we can probably run `sslmate download` as they mention in the docs to automatically download the certificate and then pass it to GET.
@niskhakova There is more information in our runbook. Would it make more sense, if this is QA owned, that QA hosts their own top-level domain for this? Then you could use GCP certs or Let's Encrypt. It would be nice if infrastructure was out of the critical path for QA setting up infra in GCP.
@jarv thanks for the link! And regarding the question, do you mean it'll be better to move Staging Ref away from http://staging-ref.testbed.gitlab.net, as testbed.gitlab.net is owned by Infra, and create a QA top-level domain for it? And then manage certs for them?
I've looked into the external SSL docs and found what was wrong when I first tried to set up a certbot. Now the Staging Ref has an SSL certificate from Let's Encrypt and we can probably close this issue?
Thank you very much! Will cross-link the External SSL documentation in GET if that can be helpful - it can handle Let's Encrypt or user-provided certificates.