On Sat, Feb 6, 2016 at 10:59 AM, Charles Curley <[email protected]> wrote:

> On Mon, 28 Dec 2015 16:46:57 -0700
> Corey Edwards <[email protected]> wrote:
>
> > With enough effort it is possible to get through the mess that is
> > their UI. But I switched from StartSSL to Let's Encrypt last month
> > and would recommend it. I wrote up my experience with the process.
> >
> > https://www.zmonkey.org/blog/content/automated-tls-lets-encrypt
>
> Very useful. Thank you.

Glad to know I helped!

> I did hit one problem. I normally run my server on a non-standard port.
> I did not know if LE would use that port, and saw no provision to
> specify the port.

There's an undocumented option to specify an alternate port (--tls-sni-01-port), but from what I read it's not actually supported by the public infrastructure. Meaning, you could do it but only if you were running your own LE CA (which of course would defeat the point). I think it's supposed to protect against rogue users running daemons on servers they have access to, but not control of; think shared hosting.

Corey

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
