Provisioning TLS certificates

This page is primarily for the cloud.gov team. It's public so that you can learn from it. For help using cloud.gov, see the user docs.

We use one wildcard TLS certificate for each cloud.gov environment:

  • *.fr.cloud.gov
  • *.fr-stage.cloud.gov
  • *.dev.us-gov-west-1.aws-us-gov.cloud.gov

We provision certificates using Let’s Encrypt. Our Terraform pipeline checks certificate expiration dates daily and renews certificates that are about to expire. Our load balancers are configured to use the latest certificate; updating load balancers requires re-applying Terraform stacks.

Note: staging and production are currently using legacy certificates from Comodo and will be transitioned to Let’s Encrypt before the current certificates expire.
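
The daily expiration check described above, sketched with `openssl x509 -checkend` as an added example; it is not cloud.gov's pipeline code. The 30-day renewal window, the `cert_status` and `make_sample_cert` function names, and the `*.env.example.test` placeholder domain are assumptions.

```shell
#!/bin/sh
# Added example, not cloud.gov's pipeline code.
# RENEW_WINDOW_DAYS is an assumed threshold; the page only says "about to expire".
RENEW_WINDOW_DAYS="${RENEW_WINDOW_DAYS:-30}"

# cert_status FILE -> prints one of: unreadable, expired, renew, ok
cert_status() {
    cert="$1"
    window=$((RENEW_WINDOW_DAYS * 86400))
    # Fail closed: a missing or unparseable file must never be reported as healthy.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo renew
    else
        echo ok
    fi
}

# make_sample_cert DAYS OUTFILE: constructed self-signed wildcard certificate
# for a placeholder domain, so the check can be exercised offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=*.env.example.test" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Demo on constructed certificates: one close to expiry, one fresh, one missing.
workdir=$(mktemp -d)
make_sample_cert 10 "$workdir/expiring.pem"
make_sample_cert 90 "$workdir/fresh.pem"
for f in expiring.pem fresh.pem missing.pem; do
    printf '%s: %s\n' "$f" "$(cert_status "$workdir/$f")"
done
rm -rf "$workdir"
```

Reporting `unreadable` separately from `ok` keeps a broken certificate path from silently skipping renewal.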