.jab-post img {
border: 2px solid #eeeeee;
padding: 5px;

Our system update last week added on an API to let you install HTTP yourself
instead of having to email us. We’ve been beta-testing it over the last seven days, and it’s
now ready to go live ๐Ÿ™‚

You can either use it by accessing the API directly from your code, or by using our helper scripts
(which you can pip install).

This is the first step towards a much improved system for HTTPS — watch this space for more information.

What this is all about

We supply an HTTPS certificate for all websites that are subdomains of pythonanywhere.com
so your website at yourusername.pythonanywhere.com handles HTTPS by default. But if you
create a website with a custom domain, you need to get a certificate. This is because only
the owner of a domain can create a certificate for it, to stop people from (say) creating
certs for www.google.com.

Luckily, it’s easy enough to create a certificate for your site, either by using the excellent
Let’s Encrypt (for which we have
detailed instructions here) or from one
of the many commercial providers.

But once you’ve created your certificate, you need to get it installed. In the past, the way we
asked you to do that was to store the certificate and the private key somewhere in your
PythonAnywhere file storage, then email us. The system worked well, but it did have one problem
— you needed to wait for us to install the certificate, which meant that in the worst case you
could wait for up to 24 hours for it to be installed — maybe not a huge issue when you’re
just getting started, but a big deal if you accidentally let the certificate expire and need a
renewed one installed ASAP.

How to use it: the simple way

The easiest way to install your certificate is to use the PythonAnywhere helper scripts. The first
step to do that is to make sure you have an API token set up for your account; go to the “Account”
page and then click the “API token” tab. If you see this:

…then you’re all set. If, however, you see this:

…then you need to click the button to generate a key.

Once you’ve done that, start a new Bash console, and run this to install the PythonAnywhere helper

pip3.6 install --user --upgrade pythonanywhere

(If you’re on our “classic” image and don’t have 3.6 available, you can use pip3.5 instead.)

Now you can run the script to install the certificate. If you’ve used
our instructions for Let’s Encrypt then the certificate
and the key are in a well-known place, so you can just do this:

pa_install_webapp_letsencrypt_.py www.yourdomain.com

If you’ve got a certificate from a different provider, you can specify the combined certificate and the key location by using a different command:

pa_install_webapp_ssl.py www.yourdomain.com /home/yourusername/something/combined-cert.pem /home/yourusername/something/private-key.pem

…adjusting the paths to point to the appropriate files.

If all goes well, you’ll see output like this:

< Setting up SSL for www.yourdomain.com via API >
< Reloading www.yourdomain.com via API >
| That's all set up now :-) Your new certificate will expire         |
| on 12 November 2018, so shortly before then you should             |
| renew it (see https://help.pythonanywhere.com/pages/LetsEncrypt/)  |
| and install the new certificate.                                   |

If you’re not using Let’s Encrypt, it will look slightly different, of course. If you get an error and can’t work out what to do, please do email us at [email protected].

There’s one important thing to notice there — the renewal date. You’ll still need to
renew the certificate and install a new one when it expires.

How to use it: scripting your own stuff

If you’re an API kind of person, you can use the new ssl endpoint under the webapps URL to
directly set your SSL certificate and private key with a POST request; you can also get SSL information (when the cert
will expire, who issued it, and so on) by using the GET method. More information in
the API documentation.

What’s next?

An API and some command line scripts for this stuff is all very well, but we’re far from done
with improving the way SSL certs work on PythonAnywhere. Our long-term goal is to make this
even easier — watch this space for more information.

Any questions?

Hopefully all of that is pretty clear! But if you have any questions, please do let us know.

Source link


Please enter your comment!
Please enter your name here