How-to use LetsEncrypt Guide

[sam-github]

See nodejs/node#9244 (comment)

[Qard]

@eljefedelrodeodeljefe Can your provide some context for the thumbs down? Personally, I think this is a good idea.

[eljefedelrodeodeljefe]

@Qard Sure. As much as I like the idea, I know how flawed the whole things is. nodejs/node#9244 (comment) sums it up pretty well. The whole cert business is unnecessarily complicated, but Node won't help much on that, nor will Let's encrypt and certbot. Let's encrypt has also really bad UX, imo. It is worth a blog post though.

However, in my (more than opinion now) opinion, terminating certificates in Node is as flawed (->performance) as cluster, child_process and a couple of other. Meaning, you likely want to do this somewhere else, e.g. HAProxy, Nginx, Cloudflare.

Again, it is worth a blog post.

[eljefedelrodeodeljefe]

I'd vote this for a close, since thumbs downs on the issues outweigh thumbs up. We should rather find a better format for stuff like that, far outside of core.

[Qard]

I'd certainly disagree with putting Let's Encrypt functionality itself into node core, but I feel like a guide related to it shouldn't be a major issue. Though I'd certainly frame it something like "this is a simplistic way to get up-and-running quickly, more advanced uses will probably need to learn the manual process"

[eljefedelrodeodeljefe]

Btw, do we have a decent place for guides now? Something more prominent than https://nodejs.org/en/docs/guides/? I should look up my GH notifs, as I was PRing putting it onto the api-nav :S sorry.

[Qard]

I believe that needed to be discussed by the CTC. Not sure if that has happened yet or not.

[eljefedelrodeodeljefe]

I mean we could convert it to a rather "how to generate certs with X to be secure"-guide. There are only 3 options or so for unobtrusive processes.

[mikeal]

Should we just point to https://www.npmjs.com/package/letsencrypt in the docs? This package provides more than we would want to outline in the docs themselves (plugins for popular frameworks, for instance).

[eljefedelrodeodeljefe]

Would be in favor for that. The package seems to be good quality now.

[Qard]

Maybe rather than approaching as a doc specifically for Let's Encrypt we could write a doc on the more manual process and just preface that with a note that the Let's Encrypt module is easier, if your needs or not complicated.

[mikeal]

I think that a "more manual process" for Let's Encrypt might lead people to use their python toolchain instead, which might be a barrier for some Node.js users.

[Qard]

I mean the process of setting up TLS that doesn't involve Let's Encrypt at all. It's doable, but a lot more involved, making it actually warrant its own doc.

[Trott]

Closing as this repository is dormant and likely to be archived soon. If this is still an issue, feel free to open it as an issue on the main node repository.