During the week of the 12th of May, my SSL certificate expired as my hoster was unable to automatically renew it. This was due to a new limitation introduced by Let’s Encrypt, which now only offers 200 new certs a week. This turned requesting a new SSL cert into a bit of a lottery.
The flow-on effect of having an expired certificate meant that the Australian Daily Prayer app couldn’t pull the daily feed, and my policy URLs on the Google Play Store were inaccessible. Without a working link to a data policy page, Google threatened to pull some more of my apps.
Because I am cheap, I didn’t want to buy a certificate. However, most free services don’t allow you to create a wildcard cert and only allow one domain (or subdomain) to be registered. In the short term I rolled an SSL cert for dailyprayer.ampers.x10.mx just so the app at least worked.
Last week, I was between jobs, so I sat down to try and solve this issue once and for all. During my investigation, I discovered a problem with my hosting provider: they control the .well-known/acme-challenge folder, which meant I couldn’t upload anything to that directory to verify ownership of my site. After reporting this to the hoster, they suggested that using a DNS challenge might be the best option. However, as I pointed out, the reason I wasn’t already doing that was because I didn’t have access to their DNS manager, leaving me stuck between a rock and a hard place. In the end, one staff member gave me access to their DNS manager, so I could then roll my own SSL certificate (using win-acme).
This really wasn’t my hoster’s fault, as the problem initially was caused by Let’s Encrypt and their new limitation. I did want to get this issue solved before I started work again, but it was only last night, on my first day, that I was able to get everything back up and working again.