> On 17 Apr 2016, at 22:08, Hannes Mehnert <[email protected]> wrote: > On 17/04/2016 22:06, Anil Madhavapeddy wrote: >> We have a paid-for certificate at the moment for mirage.io, and I was >> considering switching to letsencrypt instead. Any objections/thoughts on >> this? It may have some compatibility issues on older browsers, but aside >> from that seems like a fine choice worth supporting. > > I'd go for let's encrypt (and use it on https://hannes.nqsb.io). This > whole business of paying money for certificates has to end. There is, > next to the official python client one implemented in sh (calling out to > openssl etc.), which works fine > (https://github.com/lukas2511/letsencrypt.sh/)
(notes on this up on Canopy at http://canopy.mirage.io/Wiki/Letsencrypt) The shell script version is amazingly easy to use! I just did: $ git clone https://github.com/lukas2511/letsencrypt.sh $ cd letsencrypt.sh $ git clone https://github.com/bennettp123/letsencrypt.sh-email-notify-hook hooks/email-notify $ ./letsencrypt.sh --cron --domain mirage.io --challenge dns-01 --hook 'hooks/email-notify/hook.sh' # # !! WARNING !! No main config file found, using default config! # + Generating account key... + Registering account key with letsencrypt... Processing mirage.io + Signing domains... + Creating new directory /home/avsm/letsencrypt/letsencrypt.sh/certs/mirage.io ... + Generating private key... + Generating signing request... + Requesting challenge for mirage.io... + Settling down for 10s... + DNS not propagated. Waiting 30s for record creation and replication... + DNS not propagated. Waiting 30s for record creation and replication... + DNS not propagated. Waiting 30s for record creation and replication... + Responding to challenge for mirage.io... + Challenge is valid! + Requesting certificate... + Checking certificate... + Done! + Creating fullchain.pem... + Done! The result is live on mirage.io: https://www.ssllabs.com/ssltest/analyze.html?d=mirage.io cheers Anil _______________________________________________ MirageOS-devel mailing list [email protected] http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
