Standardize ACME instruction details #9556

Merged
merged 3 commits into from
Mar 3, 2022


ptgott
Contributor

@ptgott ptgott commented Dec 23, 2021

Our Getting Started guides often include instructions for
configuring Let's Encrypt and ACME before starting
Teleport, but not all of these instructions have the same
level of detail, and some are missing some context around
how Teleport uses ACME and why you need to open port 443 on
your Proxy Service host. This change adds an include that
spells out these instructions and invokes the include in the
appropriate guides.

The intention was to include as much relevant information within
the guides themselves to prevent the reader from having to
navigate to other pages.

Closes #6448

@github-actions github-actions bot requested a review from klizhentas December 23, 2021 20:50
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch 2 times, most recently from c83b704 to 2995ced Compare January 4, 2022 21:50
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch from 2995ced to 828b036 Compare January 18, 2022 20:05
@ptgott ptgott requested a review from xinding33 January 18, 2022 21:13
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch 3 times, most recently from 234d280 to 3118310 Compare January 24, 2022 18:03
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch from 3118310 to 67a8c34 Compare February 4, 2022 19:24

Download the latest version of Teleport for your platform from our
[downloads page](https://goteleport.com/teleport/download).

Teleport requires a valid TLS certificate to operate and can fetch one automatically
using Let's Encrypt [ACME](https://letsencrypt.org/how-it-works/) protocol.

We will assume that you have configured DNS records for `teleport.example.com`
and `*.teleport.example.com` to point to the Teleport node.
Collaborator


Suggested change
and `*.teleport.example.com` to point to the Teleport node.
and `*.teleport.example.com` to point to the Teleport proxy.

Right?

@@ -0,0 +1,21 @@
Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service.

You can configure Teleport to complete the Let's Encrypt verification process—called the ACME protocol—by running the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `[email protected]` is an email address used for notifications (you can use any domain):
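Review bot: In the second paragraph, the phrase "called the ACME protocol" equates ACME with the domain verification step, but ACME is the protocol for the whole certificate issuance exchange, and proving control of the domain is one step within it. Suggest rewording so that Teleport "uses the ACME protocol to obtain a certificate from Let's Encrypt", with verification described as part of that. Also, the example domain here is `tele.example.com` while the getting-started text elsewhere in this PR uses `teleport.example.com`; using one name throughout avoids readers ending up with DNS records and configuration that do not match.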
Collaborator


This reads a little bit awkward to me. My understanding is that teleport configure doesn't actually configure anything, but rather spits out some configuration that you can then paste into your teleport.yaml.

The way this reads, it sounds like teleport configure is actually modifying the file for you.

@@ -3,24 +3,13 @@ Download the latest version of Teleport for your platform from our
installation [instructions](../../installation.mdx).

Teleport requires a valid TLS certificate to operate and can fetch one automatically
using Let's Encrypt [ACME](https://letsencrypt.org/how-it-works/) protocol. We
using Let's Encrypt. We
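Review bot: The shorter line "using Let's Encrypt. We" drops the link to https://letsencrypt.org/how-it-works/ that the line before it carried. The visible lines of the new include mention the ACME protocol without linking to anything, so consider moving the link into the include so the guides still point readers to an explanation of how issuance works.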
Collaborator


Strange place for a line break.

@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch 2 times, most recently from aec815b to 868701e Compare February 10, 2022 16:17
@ptgott ptgott requested a review from zmb3 February 10, 2022 16:17
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch from 868701e to 7e908fe Compare February 10, 2022 19:25
@ptgott
Contributor Author

ptgott commented Feb 10, 2022

@xinding33 @r0mant would you have time to give this a look? Thanks!

@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch 5 times, most recently from 09539df to 999f41b Compare February 17, 2022 21:01
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch from 999f41b to 44966f0 Compare February 24, 2022 20:54
ptgott added 2 commits March 2, 2022 17:07
Our Getting Started guides often include instructions for
configuring Let's Encrypt and ACME before starting
Teleport, but not all of these instructions have the same
level of detail, and some are missing some context around
how Teleport uses ACME and why you need to open port 443 on
your Proxy Service host. This change adds an include that
spells out these instructions and invokes the include in the
appropriate guides.

The intention was to include as much relevant information within
the guides themselves to prevent the reader from having to
navigate to other pages.

Closes #6448
- Substitute "proxy" for "node" where it was incorrectly used
- Some small stylistic fixes
- Clarify that "teleport configure" does not write the config
  itself
@ptgott ptgott force-pushed the paul.gottschling/6448-tls-clarity branch from 44966f0 to aa07670 Compare March 2, 2022 22:07
@russjones
Contributor

@ptgott Looks like this was approved, can we merge?

@ptgott ptgott enabled auto-merge (squash) March 3, 2022 15:43
@ptgott ptgott merged commit 650133b into master Mar 3, 2022
@ptgott ptgott deleted the paul.gottschling/6448-tls-clarity branch March 3, 2022 15:52
ptgott added a commit that referenced this pull request Mar 4, 2022
* Standardize ACME instruction details

Our Getting Started guides often include instructions for
configuring Let's Encrypt and ACME before starting
Teleport, but not all of these instructions have the same
level of detail, and some are missing some context around
how Teleport uses ACME and why you need to open port 443 on
your Proxy Service host. This change adds an include that
spells out these instructions and invokes the include in the
appropriate guides.

The intention was to include as much relevant information within
the guides themselves to prevent the reader from having to
navigate to other pages.

Closes #6448

* Respond to PR feedback

- Substitute "proxy" for "node" where it was incorrectly used
- Some small stylistic fixes
- Clarify that "teleport configure" does not write the config
  itself
ptgott added a commit that referenced this pull request Mar 9, 2022
Guides to getting started with Teleport on various platforms
recommend creating a DNS record for *.teleport.com. It would help
prospective users to know why this is needed. This change adds
context for why Application Access requires a wildcard subdomain.

Fixes #5378

When addressing conflicts with #9556, it turned out that the acme.mdx
partial would not render inside the Tabs component within the
start-auth-proxy.mdx partial. I have copied the contents of acme.mdx
to use inside start-auth-proxy.mdx until we can fix this issue.

I also made some minor edits to acme.mdx while fixing these conflicts.
ptgott added a commit that referenced this pull request Mar 9, 2022
Backports #9556

* Standardize ACME instruction details

Our Getting Started guides often include instructions for
configuring Let's Encrypt and ACME before starting
Teleport, but not all of these instructions have the same
level of detail, and some are missing some context around
how Teleport uses ACME and why you need to open port 443 on
your Proxy Service host. This change adds an include that
spells out these instructions and invokes the include in the
appropriate guides.

The intention was to include as much relevant information within
the guides themselves to prevent the reader from having to
navigate to other pages.

Closes #6448

* Respond to PR feedback

- Substitute "proxy" for "node" where it was incorrectly used
- Some small stylistic fixes
- Clarify that "teleport configure" does not write the config
  itself
ptgott added a commit that referenced this pull request Mar 9, 2022
start-auth-proxy.mdx is a partial used by a number of Database Access
guides. After PR #9556, the partial included garbled instructions for
setting up Teleport with Let's Encrypt. This change edits these
instructions for clarity.
ptgott added a commit that referenced this pull request Mar 10, 2022
start-auth-proxy.mdx is a partial used by a number of Database Access
guides. After PR #9556, the partial included garbled instructions for
setting up Teleport with Let's Encrypt. This change edits these
instructions for clarity.
ptgott added a commit that referenced this pull request Mar 10, 2022
Backports #9556

ptgott added a commit that referenced this pull request Mar 14, 2022
Backports #9556

ptgott added a commit that referenced this pull request Mar 16, 2022
Backports #9556

ptgott added a commit that referenced this pull request Mar 18, 2022
Backports #9556

@webvictim webvictim mentioned this pull request Apr 19, 2022
@webvictim webvictim mentioned this pull request Jun 8, 2022
Successfully merging this pull request may close these issues.

TLS handschake error | acme can't get a cert for domain