HTTPS access: advice needed


#1

Hello. Could someone give me advice in my predicament?
I use RhodeCode to host some Mercurial repositories. Recently I switched to HTTPS by installing a reverse proxy with Let’s Encrypt certificate, so it passes plain HTTP traffic further to RhodeCode.

I provide host fingerprints inside hostsecurity section of mercurial.ini, and everything works fine. The minor annoyance I have is related to the fact that I need to renew Let’s Encrypt cerificate every 3 months, and thus I have to ask the users to update server fingerprints in their ini files each time. What is the best way to avoid it? Thanks.