On Tuesday 07 Feb 2017 11:20:12 Paul Tansom via Hampshire wrote: > ** Imran Chaudhry via Hampshire <hampshire@mailman.lug.org.uk> [2017-02-07 > 07:52]:
> > +1 for letsencrypt.org - I recently switched to HTTPS for all my > > hosted server domains and was very happy to find a "letsencrypt" > > package for Debian that automated the entire process. It even > > auto-renews the cert for you. > > ** end quote [Imran Chaudhry via Hampshire] > > Seconded, I've been using Letsencrypt for a while now (just checked and it > looks as though I signed up back in November 2015), and I've had no problems > in that time. I used to use StartSSL and the manual renewal and install was > a pain, particularly if you'd managed to let your personal account > certficate expire and lost access to the certificates you already had > (thankfully I managed to merge the accounts I had when they did a system > upgrade a while back). I'm also using Let's Encrypt, and I'm really happy with it. I've had two issues with it though. First, was that my original websites were behind a proxy/firewall that didn't allow HTTP (only HTTPS) access, and the auto-setup didn't work due to not being able to call back. I've since moved away from that setup, and with a more normal environment it all worked first time. Second, was that if you install the script manually, and run the cron with the recommended --no-self-upgrade option, then it doesn't update itself. I have had it fall far enough behind that the script then stops working and fails to update your certificates. Running it manually without the --no-self-upgrade flag fixed that relatively quickly, but I need to make sure the script gets updated regularly. -- Be seeing you, Games: http://www.glendale.org.uk/ Sam. Posts: http://www.google.com/+SamuelPenn
-- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------