SSL now available for Tumblr blogs with custom domains (opens in new tab)

Let's Encrypt implements a protocol, or, if you prefer, an API called ACME, which is being standardized at IETF. This allows you to make software-based requests for certificates. You can implement an ACME client or adapt an existing one to make requests for certificates on behalf of your customers.

See

https://letsencrypt.org/docs/integration-guide/

There are a lot of clients, several dozen of them already. There isn't necessarily a client that's specifically oriented toward provider integration, but one of the lightweight clients like acme.sh might be a good fit because it will work well with external scripting.

I think caddy supports automagically combining multiple domains on LetsEncrypt certificate requests. It is possible to set it up as a proxy just to get certificates but be aware of rate limit issues, especially if a domain expires or otherwise becomes invalid.

https://caddyserver.com/

I was trying to use it temporarily as the simplest way to get a multi-domain LetsEncrypt cert on Windows, but ran out of time attempting to convert the resulting certificate format into something I could take back to IIS.

Those securing custom subdomains are looking forward to January 2018 when wildcard certificates arrive. https://letsencrypt.org/2017/07/06/wildcard-certificates-com...

I recently came across fly.io (possibly on HN) which looks like it may help here, at least in the interim while you're a small startup. To note they do it for you similar to how Cloudflare would do it - you route your site through them - so it may not be what you're looking for.

https://fly.io/mix/custom-hostnames/

No affiliation on my part, the service has just ticked enough "ooh" boxes I'm intrigued and am looking at using them for a project or two

For NGINX and Apache it's a shell script away. The dehyrated shell client is Let's Encrypt/ACME compatible. It can read from a domains.txt file listing individual certificates per line. There's a hook.sh that you can modify to get dehydrated to deploy the script. All you'd have to do is get whatever script you currently use to provision the custom domains, to add the domains.txt and run dehyrated --cron.

There's plenty of pre-written deployment scripts for it, check the wiki and Google. https://github.com/lukas2511/dehydrated

Failing that... If you're using Apache, it's on its way to natively supporting Let's Encrypt certificates for fully auto HTTPS https://letsencrypt.org/2017/10/17/acme-support-in-apache-ht...

Hope that helps. If you're not comfortable doing it yourself, any dev/sysadmin should be able to cobble it together for a days consultancy.

valME.io, the blogging site I developed, has been doing this for years [1]. A user can provide their own SSL cert if they want but typically I just set them up via Let's Encrypt and then it does its automatic renewal process. If you're on a VPS, it's straight-forward to setup one of many ACME client alternatives [2]. If you're on shared hosting, it will depend on the hosting provider (some might even have it integrated if they use an administrative tool like Virtualmin).

[1] https://valme.io/c/gettingstarted/69qqs/valme-io-now-with-cu... [2] https://letsencrypt.org/docs/client-options/

Great post from Etsy!

Most browsers will give a mixed-content warning, but still serve images.

Edit: found a reference[0] on the tumblr help site:

>Keep in mind that enabling the option for a theme that wasn’t developed to support SSL may cause “mixed content” errors. If your blog looks weird after you turn SSL on, some resources that the theme needs to render itself may not be getting loaded.

>If you're a theme developer and you'd like to ensure your themes support SSL, make sure that any externally hosted resources such as Cascading Style Sheets (CSS) or Javascript files are served either using HTTPS or a protocol-relative URL. If these files aren’t available over HTTPS, consider uploading them at the Theme Customization page (In your blog settings, click “Edit HTML” and then “Theme assets”).

[0]: https://tumblr.zendesk.com/hc/en-us/articles/226273528-Encry...

Does Tumblr actually allow the embedding of arbitrary images? I've never knowingly seen a Tumblr blog embed external ones; they always seem to be Tumblr-hosted.

What did you check? They still document it, I can't find an announcement otherwise and on my account I still have the option to enable it.

I've https for custom domain for like a month now. Please check again.