So likely when I need to renew my cert it will be less work to just flip that toggle than to generate the cert from cloudflare and paste it into GitLab. I won't need to do that for another year or two though.

@JaredBusch said in Setup a Cloudflare Origin Certificate for use on a backend server:

looks pretty easy actually.

oh nice, that does look simple. I had to paste the different sections of the cert into the config page for GitLab Pages.

There is one concern (not for me). The alt names can sometimes be not great (Unless they've changed that recently). Not many people would notice but for a business that might be an issue (not my site obviously).

@JaredBusch said in Setup a Cloudflare Origin Certificate for use on a backend server:

@stacksofplates said in Setup a Cloudflare Origin Certificate for use on a backend server:

@JaredBusch said in Setup a Cloudflare Origin Certificate for use on a backend server:

@stacksofplates said in Setup a Cloudflare Origin Certificate for use on a backend server:

This is what I did for my personal site. GitLab pages did support Let'sEncrypt but not automated renewals so it was kind of pointless to use that. So I set one of these up. I need to go back and change it now that fully automated renewals are available.

My question would be why use LE for that if you are using Cloudflare in front anyway? There is zero wrong with this type of origin certificate. If you are using Cloudflare, then it is a simple solution.

Oh it's just so I don't ever have to worry about renewing it. With GitLab Pages, I just check the box and it gives me a cert and auto renews for me. That's all.

Obviously nothing wrong with what you are doing. But since you had something in place, I was wondering why change.

Origin certs from Cloudflare have a default (and max) lifespan of 15 years. Since it should only be trusted by Cloudflare, there should be no need to use a shorter span cert.

Yeah I changed it to 5 when I did mine. I've always "preached" short cert life span since that's been a thing so it's dogfooding also (even though it's not needed with this).

@JaredBusch said in Setup a Cloudflare Origin Certificate for use on a backend server:

@stacksofplates said in Setup a Cloudflare Origin Certificate for use on a backend server:

This is what I did for my personal site. GitLab pages did support Let'sEncrypt but not automated renewals so it was kind of pointless to use that. So I set one of these up. I need to go back and change it now that fully automated renewals are available.

My question would be why use LE for that if you are using Cloudflare in front anyway? There is zero wrong with this type of origin certificate. If you are using Cloudflare, then it is a simple solution.

Oh it's just so I don't ever have to worry about renewing it. With GitLab Pages, I just check the box and it gives me a cert and auto renews for me. That's all.

This is what I did for my personal site. GitLab pages did support Let'sEncrypt but not automated renewals so it was kind of pointless to use that. So I set one of these up. I need to go back and change it now that fully automated renewals are available.

@Nic said in Sysadmin opening at Automox - Boulder, CO:

@stacksofplates Sorry about that - feel free to leave the website off that field and then mention it in your cover letter if it's important for the application.

Oh it's fine. Just figured I'd mention it.

Also who it belonged to should be to whom it belonged

It's nit-picky but it's on-premises not on-premise.

@Nic said in Sysadmin opening at Automox - Boulder, CO:

@stacksofplates Yes that one is ok with remote.

Submitting but I can't add my website because it says it's not a valid URL.

It's a new tld, it's hooks.technology so they must just be filtering on .com,.net, etc.