Well I have finally implemented ACME certs into my Lab and as you told me, its actually not as painful as I thought. I used Go Daddy because I am commercial and it seems to work fine. Note that I couldn't get it to work on acme version 2.7.2 (Astlinux 1.3.2) but it worked fine on acme 2.7.9 (Astlinux 1.3.4)
As there are lots of cool domain suffix’s now available, I can now connect to the interface using <customer id>.myportal.tel. Nice! Thanks all for your help. Regards Michael Knill From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Thursday, 11 April 2019 at 12:34 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] ACME (Let's Encrypt) Certificates Vs Wildcard SSL certificates Hi Michael, but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle. Am I correct? IMO, using automatic ACME certs in AstLinux is the least-hassle approach ... after the initial setup. The hassle with a 1-2 year Wildcard SSL cert (other than the cost) is it needs to be deployed and updated to all the boxes, even if only every 1-2 years. You would need to create some sort of CRON script to do that, and probably with authentication. If you go through the trouble of creating a Wildcard SSL cert deploy/update system, you just as well mint your own Let's Encrypt Wildcard Certs at a central location, at no cost every two months. You need to weigh the pros/cons for your situation, I use Cloudflare for my ACME DNS validation, and after many renewals for many boxes using non-wildcard certs, it just works. Lonnie On Apr 10, 2019, at 5:34 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: Hi Group As I am looking to encourage the use of web portals that we have built into Astlinux, I am having to consider the use of non self signed certificates to stop the browser complaining. The web interface for all our systems is accessible with <customer id>.ibcaccess.net. Forgive me for my ignorance but I'm not that good with SSL certificates but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle. Am I correct? Regards Michael Knill _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
