Every Rock install needs an SSL certificate. Even if you aren't live yet and don't have people entering any financial information, you still have you
or your staff logging in and typing passwords. You don't want that happening without encryption. Even though buying certificates has gotten cheaper
it can still be too expensive, especially when you are just kicking the tires. It can also be complicated dealing with multiple hostnames, adding and
removing hostnames on the fly as well as just taking the time to renew that certificate every year.
Lets Encrypt launched a number of years ago with two goals. The first was to provide an API system that other Certificate Authorities could implement
that would take much of the headache out of the process for people. The second was to provide free SSL certificates through their own Certificate
Authority. You can now get unlimited free certificates from Lets Encrypt. On top of that, their API allows for plugins like this to be written that
do all the heavy lifting for you so you can get back to helping your staff. No more wasting time doing Administration that should be automated.
With this plugin you can manage your Rock SSL certificates by configuring once and then forgetting all about it. The plugin keeps your certificate up
to date for you. You can even manage multiple certificates or non-Rock sites on your IIS server.
The initial release of this plug-in is designed for full-trust/full-VM hosting. This means self-hosted on-premise or using a full-VM type of
hosting such as Azure VM. There is experimental support for partial-trust hosting but it requires manual installation of the certificates.
Additionally, while as much testing has been done as possible on this plugin, please be aware that this is being released in "public beta"
status. It works, we have it in use on a few systems. But because it is modifying your IIS configuration, it is possible to get locked out
of Rock in certain configurations (such as requiring all traffic be over SSL) if something goes terribly wrong. That being said, all that is
required to fix it is a small amount of familiarity with the IIS Management Console. Please check with your IT department before using this
- Support for Lets Encrypt certificate authority.
- Support for Full-Trust hosting only.
- Experimental support for Partial-Trust hosting.
- Automatic configuration of IIS site bindings.
- Automatic renewal of certificates.