SSL Certificates at ReadMe, Now Powered by Cloudflare ☁️💥
Last night we deployed a fundamental change to our infrastructure—the culmination of almost 3 months of work. We’ve migrated away from our homegrown SSL certificate generation service to Cloudflare using their SSL for SaaS product.
What does this mean for you? If you're a ReadMe customer, your documentation site is now behind Cloudflare. This gives you all of the benefits of a global Content Delivery Network and Web Application Firewall: improved security, reliability, and performance.
A History Lesson
Some background: The SSL service that this is replacing was one of the first big projects I worked on at ReadMe! We launched it way back in January 2017. At the time it was pretty state-of-the-art. Let’s Encrypt was in its relative infancy and we were spending $20 for every SSL certificate that our customers uploaded to us (costing several thousand dollars per month). I don’t regret ever building out our own system. There was nothing off-the-shelf to handle this and it has enabled us to provide free SSL certificates for thousands of custom domains. Thanks so much to Let's Encrypt and lua-resty-auto-ssl!
Why Are We Switching to Cloudflare?
- Security: We’ll be better equipped to block automated DOS attacks and add custom firewall rules through Cloudflare.
- Reliability: Our service has been fairly reliable, but I’ve been called up a few times out of hours to fix it. I’m happy to delegate management of our SSL and web cache layers to someone else.
- Performance: Utilizing Cloudflare’s global CDN will enable us to be faster in the rest of the world, not just the Bay Area or Virginia.
I'm not going to take the credit for the technical implementation of this piece of work. That has to go to Gabe who will be following up with a deeper dive on how we managed to migrate thousands of domains to Cloudflare—spoiler alert: lots of API calls and DNS queries.