I reopened the task to migrate production to https fully. Started with gn2-zach's testing instance and redirected http -> https with letsencrypt. Errors show in browser console that the menu loader is hard coded, for example.

Blocked loading mixed active content “http://gn2-zach.genenetwork.org/api4//menu/generate/json”

That needs to be updated in settings.

See also

• ../redirect-http-to-https.gmi

I also added a path to tux02 with gn2-test.genenetwork.org at port 5010 for testing.

certbot --nginx -d host.genenetwork.org

certbot renew --dry-run

CRON, for example

22 4 * * 3 sheepdog_run.rb -c '/usr/bin/certbot renew --quiet' --always --tag CERTBOT >> ~/cron.log 2>&1

Add certificate

certbot certonly --nginx --agree-tos --preferred-challenges http -d ucscbrowser.genenetwork.org --register-unsafely-without-email