Renewing SSL Certificates

  1. Login into Zero SSL.

  2. Click the "Renew" button for the 90-Day SSL for "helixsleep.com" (contains all other Stratasphere domains as well).

  3. Ensure all needed domains are present and click "Next Step".

  4. Select "90-Day Certificate" and click "Next Step".

  5. Make sure "Auto-Generate CSR" is toggle on and click "Next Step".

  6. Click "Next Step" and wait for the certificate to finalize.

  7. Select "HTTP File Upload" as the verification method and download the "Auth File" to your computer.

  8. Upload the verification file to each of the sites. Makes sure you perform this step for all the sites, i.e. helixsleep.com, brooklynbedding.com, titanmattress.com, etc. Login into you site e.g. helixsleep.com/login, and go to the "Zero SSL" app.

  9. Make sure "S3" is selected as the "Filesystem Disk". Click "Choose File" and select the Auth File you just downloaded from Zero SSL's website in step 7. Click "Upload". Ensure that the Auth File shows up in the list of "PKI Validation files".

  10. Repeat step 9 and 10 for each Strata powered site.

  11. For the stratasphere.cloud domain you will need to upload it to directly to the Amazon S3 bucket. Login into Amazon AWS and select the S3 service and find the "stratasphere-production" bucket. Drill down until you get to the "pki-validation" folder. Amazon S3 > Buckets > stratasphere-production > central/ > .well-known/ > pki-validation/

  12. Upload the Auth File from step 7.

  13. Go back to Zero SSL and click "Next Step" until you get to the final step "Finalize", here you click the "Verify Domains" button.

  14. Wait for the verification to complete and the certificate to be issued.

  15. Select the "Default Format" and download the certificate and click "Next Step".

  16. Install the certificate. Go to Digital Ocean and select the "Stratasphere (production)" project and click on the "stratasphere-production-mothership" load balancer.

  17. Click the "Settings" tab and click the "Edit" button for the "Forwarding rules" group.

  18. Click the "Certificate" dropdown for the "HTTPS" protocol.

  19. Select "New certificate".

  20. Extract the content of the zip file containing the certificate files. Name the certificate "ZeroSSL-YYYYMMDD" (Replacing the Year-Month-Date format with the current date, i.e. ZeroSSL-20240102 for January 2nd, 2024). Copy the content of each of the three (3) files to their fields. "certificate.crt" -> "Certificate" "private.key" -> "Private Key" "ca_bundle.crt" -> "Certificate Chain" Click "Save SSL Certiifcate"

  21. Click "Save"

  22. Ensure that the certificate is being used on the sites. This is different per browser, but you can usually click a little lock icon in the browser's address bar to view the certificate in use.

  23. Back in Zero SSL, you can now click "Check Installation" and you should be all done. (Not sure that this step actually does anything...).

  24. Lastly we need to update the Terraform Cloud variable. Go to https://app.terraform.io/app/3z/workspaces/production/variables and find the mothership_certificate_name variable and edit it to name you gave the certificate in Digitial Ocean on step 20. (ZeroSSL-YYYYMMDD)

PreviousDeploying to ProductionNextInfrastructure

Last updated

Was this helpful?