let encrypt renewal

Question

I've just setup SCIM cluster in google cloud, following the default instructions.
It doesn't seem safe to me, to allow scim site to be publicly available.

I'm just wondering what the best practice is here without over complicating it?

Can I lock down port 443, but allow port 80 to remain open for cert renewal?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

hemal_g_1p · Answer

Hi @joemailey ,

Thank you for reaching us with the question. Apology for delayed response. 
Could you please link us what instruction you're following? it seems outdated to us. Port 80 is used for setup only and everything else is operating through port 443, including Let's Encrypt cert renewal. Although your Scim dns is publicly available, its only accessible with bearer token. Unless that is compromised everything is safe.

Forum Discussion

let encrypt renewal

1 Reply

Recent Discussions

Mac client v8.10.80 released June 10 2025 is painfully slow

Win11 -> WSL2 -> devcontainer ssh-add not accessible anymore

ssh-agent - use specific key for specific hosts

Security concern with allowing Terminal complete access to my 1P account via op CLI

op-ssh-sign fails when passed non-UTF-8 payloads