|
1 | | -# AgentFolio SSL Setup |
| 1 | +# SSL Setup |
2 | 2 |
|
3 | | -## Current Status (2026-02-24) |
| 3 | +## Current Status |
4 | 4 |
|
5 | | -### DNS ✅ Complete |
6 | | -- 4 A records pointing to GitHub Pages IPs (185.199.108-111.153) |
7 | | -- Root domain (agentfolio.io) resolving successfully via HTTP |
8 | | -- TTL: Auto (propagation complete) |
| 5 | +- **Custom domain:** agentfolio.io |
| 6 | +- **DNS:** ✅ Pointing to GitHub (185.199.108-111.153) |
| 7 | +- **HTTP:** ✅ Working |
| 8 | +- **HTTPS:** ⏳ Certificate pending (Let's Encrypt provisioning) |
9 | 9 |
|
10 | | -### SSL ⏳ Blocked |
| 10 | +## Workaround |
11 | 11 |
|
12 | | -**GitHub Pages Limitation:** |
13 | | -- GitHub won't provision Let's Encrypt cert until DNS fully propagates |
14 | | -- Chicken-and-egg: can't enable HTTPS without cert, can't get cert without working HTTPS |
| 12 | +During cert provisioning, use: |
| 13 | +- https://bobrenze-bot.github.io/agentfolio/ |
15 | 14 |
|
16 | | -**Cloudflare Solution:** Requires one of: |
17 | | -1. **Global API Key** (stored in profile → API Tokens → Global API Key) |
18 | | -2. **Browser UI interaction** (OpenClaw extension needs clicking) |
| 15 | +## Timeline |
19 | 16 |
|
20 | | -## What Needs to Happen |
| 17 | +Let's Encrypt typically provisions certs within 24-48 hours of: |
| 18 | +1. Custom domain added to GitHub Pages |
| 19 | +2. DNS records fully propagated |
21 | 20 |
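Review bot: the 24-48 hour window on new line 17 has no reference point, because this commit also drops the only date the file carried (the "(2026-02-24)" in the old "Current Status" heading). Suggest recording when the custom domain was added or when DNS finished propagating, so a reader can tell whether "pending" on new line 8 is still within the expected window or has stalled.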
|
22 | | -### Option A: Manual (30 seconds) |
23 | | -1. Go to https://dash.cloudflare.com → agentfolio.io → SSL/TLS → Overview |
24 | | -2. Set encryption mode to "Flexible" |
25 | | -3. Edge Certificates → Enable "Always Use HTTPS" |
| 21 | +The cert will automatically activate when ready - no action needed. |
26 | 22 |
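Review bot: "no action needed" on new line 21 leaves out HTTP-to-HTTPS redirection. The removed Option A step 3 (old line 25) turned on "Always Use HTTPS", and nothing in the new text replaces it, so once the certificate is issued plain HTTP can keep being served unless the "Enforce HTTPS" option in the repository's Pages settings is enabled. Suggest listing that as the one follow-up step after the cert is ready.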
|
27 | | -### Option B: API if Global Key available |
28 | | -```bash |
29 | | -export CF_EMAIL="heathriel@gmail.com" |
30 | | -export CF_API_KEY="your-global-api-key" |
31 | | - |
32 | | -# Get zone ID |
33 | | -echo "Zone ID for agentfolio.io:" |
34 | | -curl -s "https://api.cloudflare.com/client/v4/zones?name=agentfolio.io" \ |
35 | | - -H "X-Auth-Email: $CF_EMAIL" \ |
36 | | - -H "X-Auth-Key: $CF_API_KEY" | jq -r '.result[0].id' |
37 | | - |
38 | | -# Enable SSL |
39 | | -curl -s -X PATCH \ |
40 | | - "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/ssl" \ |
41 | | - -H "X-Auth-Email: $CF_EMAIL" \ |
42 | | - -H "X-Auth-Key: $CF_API_KEY" \ |
43 | | - -H "Content-Type: application/json" \ |
44 | | - -d '{"value":"flexible"}' |
45 | | - |
46 | | -# Enable Always Use HTTPS |
47 | | -curl -s -X PUT \ |
48 | | - "https://api.cloudflare.com/client/v4/zones/ZONE_ID/settings/always_use_https" \ |
49 | | - -H "X-Auth-Email: $CF_EMAIL" \ |
50 | | - -H "X-Auth-Key: $CF_API_KEY" \ |
51 | | - -H "Content-Type: application/json" \ |
52 | | - -d '{"value":"on"}' |
53 | | -``` |
54 | | - |
55 | | -### Option C: Wait |
56 | | -- GitHub will eventually auto-provision cert (1-24h after DNS stable) |
57 | | -- Not ideal for immediate HTTPS |
| 23 | +## Verification |
58 | 24 |
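Review bot: the account email on removed line 29 (and again on old line 65 further down) stays readable in the repository history after this commit; deleting it from the file only changes the current tree. If the address should not be public, that needs a history rewrite rather than this edit. The `CF_API_KEY` value on old line 30 is a placeholder, so no key rotation follows from these lines alone.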
|
59 | | -## Store Global API Key |
60 | | - |
61 | | -Once obtained, save to: |
62 | | -``` |
63 | | -~/.openclaw/credentials/cloudflare-global.env |
64 | | -export CLOUDFLARE_GLOBAL_API_KEY="..." |
65 | | -export CLOUDFLARE_EMAIL="heathriel@gmail.com" |
| 25 | +```bash |
| 26 | +# Check cert status |
| 27 | +openssl s_client -connect agentfolio.io:443 -servername agentfolio.io |
66 | 28 | ``` |
67 | 29 |
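Review bot: the command on new line 27 does not exit on its own, since `s_client` keeps the connection open waiting on stdin, and it prints the whole handshake rather than the fields the reader is told to look for. Suggest closing stdin and piping the certificate to `x509`, for example `openssl s_client -connect agentfolio.io:443 -servername agentfolio.io </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName -dates` (the `-ext` option needs OpenSSL 1.1.1 or later).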
|
68 | | -## My Blocker |
69 | | - |
70 | | -I cannot click the Chrome extension icon programmatically (accessibility restrictions). Nor do I have the Global API Key stored anywhere I can access. |
71 | | - |
72 | | -**Solution:** Either temporarily enable accessibility for terminal apps, or paste the Global API Key here once so I can automate this. |
| 30 | +When you see `agentfolio.io` in the certificate CN, it's ready. |
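Review bot: the readiness test on new line 30 checks the wrong field. Clients match the hostname against the certificate's subjectAltName entries, not the CN, and `s_client` prints whatever certificate the server presents without failing on a name mismatch. Suggest wording this as "when `agentfolio.io` appears in the subjectAltName and the output shows `Verify return code: 0 (ok)`", and adding `-verify_hostname agentfolio.io` to the command so the hostname is actually checked.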