Output of certs:info:

jose@mactaku:~/Apps/seatgeek/app git:master $ heroku certs:info
Fetching SSL Endpoint some-endpoint.herokussl.com info for app... done
Certificate details:
Common Name(s): *.domain.com
                domain.com

Expires At:     2019-03-15 05:45 UTC
Issuer:         ISSUER_DATA
Starts At:      2014-12-21 21:24 UTC
Subject:        SUBJECT_DATA
SSL certificate is verified by a root authority.

@josegonzalez this is ready to be banged on. review away

GTFO tests fail.

Let me see what I can do to test it. I have a wildcard cert somewhere...

So is the expectation that people only be able to use self-signed certs with this plugin?

No. See docs for the generate command. We place the SS cert in place and then you can replace it when you get your real cert back if you decide to go that route.

How does someone replace the cert?

RTFM man!! 😄

from the new docs

If you decide to obtain a CA signed certficate, simply place it in 
`$DOKKU_ROOT/$APP/tls/server.crt` and run `dokku nginx:build-config $APP`.

I mean shouldn't we remove the nginx version of adding certs then? Seems like that's unnecessary duplication.

so that's a way to import a cert. which doesn't follow the heroku certs ui. hence i didn't use. that's a benefit of using something like ruby (?) for the client. not sure how to pipe in a key and cert file via an ssh connection

Lets assume that we don't have to support ssh. Would it then be fine to include that functionality in here and rip it out of the old place?

sure. the current implementation is a bit hokey. would you want to implement the same heroku ui?

i.e.:

certs:add CRT KEY            #  Add an ssl endpoint to an app.

Yeah, I think so?

Okay, I:

• rebased the pr, wooter scooter!
• moved the existing nginx:import-ssl command to certs:add.
• updated the ssl docs to be much more comprehensive.
• removed old docs in the nginx.md file.

How do you set multiple ssl certs? I don't think thats possible at all, despite what the docs said. Can someone verify that to be the case? I don't see how, given that we hardcode the location of server.crt and server.key. Personally I am okay with this, but we need to be very clear about this.

Multiple certs were never supported

The following heroku commands are left unimplemented:

certs:chain CRT [CRT ...], Print the ordered and complete chain for the given certificate.
certs:key CRT KEY [KEY ...], Print the correct key for the given certificate.
certs:rollback, Rollback an SSL Endpoint for an app.
certs:update CRT KEY, Update an SSL Endpoint on an app.

The rollback one isn't worth attempting to implement, and I think certs:update can be used as an alias for certs:add in our case. What do you think of the other two?

I've implemented crt/key importing via files on disk vs tarball. I think if tests pass, we can safely merge this in, as I have no intention of implementing any of the others (and they can be implemented in the future if need be).

Thoughts (before you head off to the wilderness)?

Works for me. key and chain didn't make sense to me as i wasn't sure how to implement with openssl. if someone else wants to take a stab, go for it.

Merging!