Renewing SSL Certificates

Kubernetes Certificates

1. From bash, navigate to /Shipper/Shipper/Documents/Certs

2. Create a CSR using openssl:
   openssl req -new -newkey rsa:2048 -nodes -out secure_hurkin_com.csr -keyout secure_hurkin_com.key -subj "/emailAddress=billing@hurkin.com/C=US/ST=WA/L=MAPLE VALLEY/O=HURKIN LLC/OU=Administrative/CN=secure.hurkin.com"

3. Using that CSR, order a new certificate from SSL Direct. 

4. Within a few minutes you'll receive the certificate, and the certificate chain, via email. 

5. Copy the certificate to secure_hurkin_com.cer

6. Copy the chain to secure_hurkin_com_bundle.cer

7. Create a pfx for the bundle:
   openssl pkcs12 -export -out secure_hurkin_com_bundle.pfx -inkey secure_hurkin_com.key -in secure_hurkin_com.cer -certfile secure_hurkin_com_bundle.cer

8. Create a pfx for the certificate:
   openssl pkcs12 -export -out secure_hurkin_com.pfx -inkey secure_hurkin_com.key -in secure_hurkin_com.cer -certfile secure_hurkin_com_bundle.cer

9. Upload a new version of the certificate to the prod key vault.

10. In the Kubernetes service Configuration page, Secrets tab, remove 'keyvault-secure-hurkin-com'

11. In the Services and Ingresses page, Ingresses tab, remove 'secure-hurkin-com'

12. Use the Create menu on that page to "Apply a YAML". Use /HAAL/haal-api/kubernetes-prod.yaml

13. Test to make sure that the new certificate has propagated

Azure App Services

1. From the Certificates page for the Web App (App Service), make sure you have a "Managed certificate"

2. On the Custom Domains page for the Web App, make sure there's an SNI SSL binding to the custom domain name (i.e. api.hurkin.com) and that an SSL certificate is assigned.