Hi Group I'm bringing up this thread again in light of the hassle with ACME Cert generation in the current stable release. I thought I would try out a cheap Comodo Wildcard SSL Cert as I get 30 days money back guarantee.
It appears to now be working fine with a direct replacement of webinterface.pem & https_ca_chain.pem and a Lighttpd restart. Is this all I need to do? Other than an update in a year, which looks pretty easy to do, does anyone see any issues with this? I may even decide to go back to ACME then if things are running ok. Regards Michael Knill From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Thursday, 11 April 2019 at 12:34 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] ACME (Let's Encrypt) Certificates Vs Wildcard SSL certificates Hi Michael, but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle. Am I correct? IMO, using automatic ACME certs in AstLinux is the least-hassle approach ... after the initial setup. The hassle with a 1-2 year Wildcard SSL cert (other than the cost) is it needs to be deployed and updated to all the boxes, even if only every 1-2 years. You would need to create some sort of CRON script to do that, and probably with authentication. If you go through the trouble of creating a Wildcard SSL cert deploy/update system, you just as well mint your own Let's Encrypt Wildcard Certs at a central location, at no cost every two months. You need to weigh the pros/cons for your situation, I use Cloudflare for my ACME DNS validation, and after many renewals for many boxes using non-wildcard certs, it just works. Lonnie On Apr 10, 2019, at 5:34 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: Hi Group As I am looking to encourage the use of web portals that we have built into Astlinux, I am having to consider the use of non self signed certificates to stop the browser complaining. The web interface for all our systems is accessible with <customer id>.ibcaccess.net. Forgive me for my ignorance but I'm not that good with SSL certificates but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle. Am I correct? Regards Michael Knill _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
