Blog / Security

Automatically generating and renewing Let's Encrypt SSL certificates with the certbot client and Ansible

August 11, 2016

I just finished updating my ansible-django-stack project and added tasks to automatically issue a Let's Encrypt SSL certificate and set up a cron job to auto-renew the certificate.

We're now using it for all our Shopify apps which are built in Django. Let's Encrypt certificates are only valid for 90 days, so if you have a bunch of web apps like we do and have more planned in the future, automating this ...

Generating free trusted SSL certificates with Let's Encrypt

July 19, 2016

I've always hated the idea of having to pay for SSL certificates. You could always generate them yourself for free with OpenSSL and they're just as secure as the paid ones. But if you're running a public-facing website, you're pretty much stuck and have to pay for one if you don't want your visitors seeing security warnings in their browser. At least that was the case until Let's Encrypt ...

Certificate verify failure with version 2015.9.6.2 of the certifi package

October 12, 2015

I just spent the past hour trying to troubleshoot this error message I was getting from the requests package when communicating with the MailChimp API:

SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I just provisioned a production server running Ubuntu 14.04 x64 for a new Django project and had been pulling my hair out trying to figure out why it was throwing this error when our stage ...

How to share your local web server to the Internet using a reverse SSH tunnel

July 25, 2013

I was recently working with integrating Stripe payments with a Django app. Since it's a subscription-based web application, it made a lot of sense for us to use webhooks, which Stripe supports. You basically set a URL in your Stripe account settings where Stripe could POST when an event occurs (eg. trial ends, subscription canceled due to an unpaid invoice, etc.). This eliminates the need of having to poll the Stripe server to check ...