Hi Paolo,

On Wed, 4 May 2022 01:25:23 -0300
Paolo Lucente <pa...@pmacct.net> wrote:

> Somehow I can't reproduce the problem, both pmacct.net and
> www.pmacct.net do actually work for me no problem (http of course,
> ie. not https, well no https is advertised out nor does it work).
>
> Can you please qualify the issue better (here or by unicast email).

I'm using Mozilla Firefox 91.8.0esr on Debian bullseye (v11.3).

Some browsers of late (I think Firefox, at least in private windows,
and maybe other browsers) use https by default. So, it's an https
problem. Just typing "pmacct.net" resulted in a "can't connect"
type of message.

https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/

According to the above, this should not be a problem. But my ISP
sucks; DNS resolution is slow. So there's probably a race condition.
One that does not affect very many people.

Should you decide to use HTTPS, here's my certbot command (for the
Debian certbot package which uses the free letsencrypt.org service):

    certbot certonly --webroot \
        --webroot-path /var/www/webserver \
        --domains foo.example.com,bar.example.com,... \
        --renew-with-new-domains

I prefer not to let certbot frob the webserver configs. So you'll
then need to add the cert files found in
/etc/letsencrypt/live/<certname>/ to the TLS configs for your
webserver. (See /etc/letsencrypt/live/README.)

The Debian certbot package comes with a systemd timer to renew the
certs. (And a systemd service.) They probably come enabled out of
the box but check with "systemctl status ...".

As an FYI, the way certbot issuance/renewal works is that first a
cookie is obtained and dropped into the http document root. When the
letsencrypt server verifies the cookie using http, it knows that you
run the website and then issues you a cert.

See also:
https://blog.chromium.org/2021/03/a-safer-default-for-navigation-https.html

FWIW, using HTTPS is supposed to get you a better Google ranking.

Regards,

Karl <k...@karlpinc.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

P.S. If you want to use the certbot web cert to secure your SMTP
traffic I have a hook I can send you that works with postfix. You'll
have to frob it to get the certs onto your secondary MX.

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
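
The issuance check described in the message above (a file dropped into the document root and fetched back over HTTP), sketched as an added example that is not part of the original e-mail or of certbot's code. It follows the HTTP-01 challenge of RFC 8555 with a loopback server standing in for the website; the function names, account key and token are constructed for illustration.

```python
import base64, hashlib, json, pathlib, tempfile, threading, urllib.request
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def key_authorization(token: str, jwk: dict) -> str:
    # RFC 7638 thumbprint: SHA-256 over the key's required members, sorted, no spaces.
    canon = json.dumps({k: jwk[k] for k in ("crv", "kty", "x", "y")},
                       sort_keys=True, separators=(",", ":"))
    return f"{token}.{b64url(hashlib.sha256(canon.encode()).digest())}"

def place_challenge(webroot: str, token: str, jwk: dict) -> None:
    # What the client does with --webroot: drop the file under the document root.
    d = pathlib.Path(webroot, ".well-known", "acme-challenge")
    d.mkdir(parents=True, exist_ok=True)
    (d / token).write_text(key_authorization(token, jwk))

def ca_validates(base_url: str, token: str, jwk: dict) -> bool:
    # What the CA does: fetch over plain HTTP and compare with the expected value.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(f"{base_url}/.well-known/acme-challenge/{token}", timeout=5) as r:
            body = r.read().decode().strip()
    except OSError:  # 404, refused connection, timeout
        return False
    return body == key_authorization(token, jwk)

def demo():
    account = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    token = "constructed-token-0001"  # constructed, like the key above
    with tempfile.TemporaryDirectory() as webroot:
        handler = partial(SimpleHTTPRequestHandler, directory=webroot)
        srv = HTTPServer(("127.0.0.1", 0), handler)  # stands in for the port-80 site
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{srv.server_port}"
        try:
            before = ca_validates(base, token, account)   # nothing placed yet
            place_challenge(webroot, token, account)
            after = ca_validates(base, token, account)    # file matches this account
            wrong = ca_validates(base, token, dict(account, x="another-account"))
        finally:
            srv.shutdown()
            srv.server_close()
    return before, after, wrong

if __name__ == "__main__":
    print(demo())
```

Because the file content is bound to the requesting account's key, the same file does not validate for a different account, which is why the check shows control of the site rather than mere knowledge of the token.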