[GitHub] [trafficcontrol] jhg03a edited a comment on issue #5893: Snapshotting a CDN that has an HTTPS delivery service w/ no cert causes TR crconfig reload failure

[GitBox <gi...@apache.org>]

jhg03a edited a comment on issue #5893:
URL: https://github.com/apache/trafficcontrol/issues/5893#issuecomment-849825339


   As an operator, I disagree.  Fewer steps and ways to mess things up that don't involve being forced into longer explicit workflows are better.  We're aiming for the same endgoal, but which is better:
   ```
   1. Make the DS
   2. Add/update the cert to be valid, if you have one and not necessary if you're using LE/ACME
   ```
   versus
   ```
   1. Try to make the DS and be told it's wrong or get confused as to why I can't enable HTTPS in the first place
   2. Make the DS partially
   3. Add/update the cert to be valid, which might be self-signed anyway if you don't have a legitimate cert yet
   4. Update the DS again to be complete.
   ```
   There's not a downside in defaulting to a self-signed value and is how most beginner webserver instructions start with.  The worst case scenario is that you forget to add the valid cert later which is really just a tradeoff in https connectivity being refused all together versus just being able to allow the insecure content.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org