You have to renew LE certificates every few months. And out of a security-paranoia aspect I guess we want to do this renewal manually. So I agree it's not really practical.
Even after Oracle donates the nb.org domain I guess it will still remain active (just to prevent domain grabbing). I assume it will simply redirect to netbeans.apache.org. Or might even continue to serve as an enduser facing page. In any case we will continue to have a certificate. Now from the strictly practical point: Oracle still owns the domain. It was not yet handed over, right? And Oracle still has the sole control over the hosts. So I assume it will be the easiest if Oracle would renew the certificate for this time. We would not be able to install any new cert anyway. LieGrue, strub > Am 29.11.2016 um 17:54 schrieb Emilian Bold <emilian.b...@gmail.com>: > > When you mention sub-domains I assume you are thinking of *.apache.org. > > netbeans.org would be a separate domain where you could user Lets Encrypt > without issues. > > > > --emi > > On Mon, Nov 28, 2016 at 6:47 PM, Daniel Gruno <humbed...@apache.org> wrote: > >> On 11/28/2016 05:43 PM, Emilian Bold wrote: >>> Yeah, with Let's Encrypt this is less of a hassle I assume. >>> >>> În lun., 28 nov. 2016 la 18:32 Bertrand Delacretaz < >> bdelacre...@apache.org> >>> a scris: >>> >>>> On Mon, Nov 28, 2016 at 4:10 PM, Emilian Bold <e...@apache.org> wrote: >>>>> ...perhaps Oracle will be kind enough to renew the certificate and >>>> donate to >>>>> ASF the private keys when all is done?... >>>> >>>> Daniel as our infra mentor will be able to confirm but I suppose we >>>> have all we need in house, probably using free certificates in which >>>> case that wouldn't be needed. but thanks for the suggestion - let's >>>> wait for Daniels' opinion. >> >> Not free, but we can produce certs for domains we own, yes. >> We don't use Lets Encrypt at the ASF, it's just not practical when you >> have a distributed setup with some 400+ sub-domains (LE does not support >> wildcard certs). >> >>>> >>>> -Bertrand >>>> >>> >> >>