Re: [DNG] Your system is not supported by certbot-auto anymore.
On 2020年12月15日 22:43:20 JST, Brad Campbell via Dng wrote: >On 8/12/20 5:02 pm, Martin Steigerwald wrote: > >> I am still using dehydrated. It is a simple shell script which just >> depends on curl, openssl and ca-certificates. There is an additional >> package for apache2 support, which just contains the site >configuration >> for the web challenge thing, and one for DNS challenge. >> >> I think there is an alternative to it, called acme.sh. I never looked >> into it. > >I use acme.sh with dns challenges. Does what it says on the tin and >didn't need any complex deps. > >For the rest of the thread : > +1 mythic-beasts for co-lo and vps hosting and uf.r4l.com for domain >registration since 2006. I run my own dns servers though. > >I don't particularly like letsencrypt, but for installing certs to keep > >stuff happy it does the job for now. Most of my stuff uses self-signed >where I can get away with it. > >Brad >___ >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng Same here. Don t need to run it from server. Just a csr and copy the challenges on your dns records.___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
On 8/12/20 5:02 pm, Martin Steigerwald wrote: I am still using dehydrated. It is a simple shell script which just depends on curl, openssl and ca-certificates. There is an additional package for apache2 support, which just contains the site configuration for the web challenge thing, and one for DNS challenge. I think there is an alternative to it, called acme.sh. I never looked into it. I use acme.sh with dns challenges. Does what it says on the tin and didn't need any complex deps. For the rest of the thread : +1 mythic-beasts for co-lo and vps hosting and uf.r4l.com for domain registration since 2006. I run my own dns servers though. I don't particularly like letsencrypt, but for installing certs to keep stuff happy it does the job for now. Most of my stuff uses self-signed where I can get away with it. Brad ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Quoting Hendrik Boom (hend...@topoi.pooq.com): > Good that that works for you. > But for someone with attantion deficit, that couple of minutes a year is > difficult. (1) Keep domains you care about registered with five years of runtime. There really is not disadvantage worth mentioning. (2) Run d-check as a weekly cron job to remind yourself of upcoming domain registrations. http://linuxmafia.com/~rick/preventing-expiration.html http://linuxmafia.com/pub/linux/network/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Quoting wirelessduck--- via Dng (dng@lists.dyne.org): > A good move to switch from godaddy. Doesn’t really matter where you > switch to, but godaddy appear to be a seriously unethical company. > > https://www.webpronews.com/godaddy-elephant-killing-nodaddy-venovix/ > https://www.wired.com/2007/01/godaddy-meet-no/ More: http://web.archive.org/web/20110627205958/http://nodaddy.com/ http://www.theregister.co.uk/2011/07/12/godaddy_shuts_down_nodaddy/ https://web.archive.org/web/20130310014102/http://asifali.me/post/42323712160/godaddy-deletes-my-domains-and-charges-me-to-restore ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Other than a manual install, are there any alternatives? I am interested to hear how others are doing this. Isolate the application in a trashable environment. Cue containers. That's what I did followed answers in the 'snapd in Devuan? Dependency on systemd' thread. My host systems barely suffer from native packages' pollution anymore. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
On Tue, Dec 08, 2020 at 12:51:11PM +, Simon Hobson wrote: ... > Given that it's only around £10, and only a couple of minutes to renew > once a year, I've just not had any particular pressure to change. Good that that works for you. But for someone with attantion deficit, that couple of minutes a year is difficult. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
> On 8 Dec 2020, at 23:51, Simon Hobson wrote: > > At my last job, we used GoDaddy for certs - not sure how much was GoDaddy and > how much was my lack of experience, but it used to seem like a right PITA at > times. I switched to SSLMate for the (linux) systems I managed. A good move to switch from godaddy. Doesn’t really matter where you switch to, but godaddy appear to be a seriously unethical company. https://www.webpronews.com/godaddy-elephant-killing-nodaddy-venovix/ https://www.wired.com/2007/01/godaddy-meet-no/ https://www.theregister.com/2011/07/12/godaddy_shuts_down_nodaddy/___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Simon Walter wrote: > Other than a manual install, are there any alternatives? I am interested to > hear how others are doing this. I never got round to switching from using SSLMate - only $16/yr (equates to around £10/yr for me) for a basic (domain.tld + www.domain.tld) cert, but quickly gets expensive if you want more than that https://sslmate.com/pricing They have a client script that will automatically renew and retrieve certs if you want to do that, or you can do it manually. TBH, once you've set up your services (the script will provide example config snippets on request), just getting updated is a matter of a couple of minutes every year. Given that it's only around £10, and only a couple of minutes to renew once a year, I've just not had any particular pressure to change. At my last job, we used GoDaddy for certs - not sure how much was GoDaddy and how much was my lack of experience, but it used to seem like a right PITA at times. I switched to SSLMate for the (linux) systems I managed. Oh yes, and when I have had any issues, they've been quite helpful and responsive. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Simon Walter - 08.12.20, 10:16:47 CET: > On 12/8/20 6:02 PM, Martin Steigerwald wrote: > > […] > > > >> Other than a manual install, are there any alternatives? I am > >> interested to hear how others are doing this. > > > > I am still using dehydrated. It is a simple shell script which just > > depends on curl, openssl and ca-certificates. There is an additional > > package for apache2 support, which just contains the site > > configuration for the web challenge thing, and one for DNS > > challenge. > > > > I think there is an alternative to it, called acme.sh. I never > > looked > > into it. > > > > Aside from that there is a huge ton of other ACME clients in various > > programming languages. AFAIR Let's Encrypt web page has a list. > > I found it at: https://letsencrypt.org/docs/client-options/ > > Thank you so much. I actually don't need anything messing with my > Apache configs. I just need automatic renewal. I will study the > various clients on that page. Then just install dehydrated base package. Or use another client of your choice. -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Am 2020-12-08 08:41, schrieb Simon Walter: Other than a manual install, are there any alternatives? I am interested to hear how others are doing this. Let's Encrypt has a list of various clients: https://letsencrypt.org/docs/client-options/ I'm using one I've written myself (and haven't bothered adding to the list yet): https://github.com/Daniel-Abrecht/DPA-ACME2 There currently only is a solver for dns-01 challenges for it, though. And I should probably move the solver to another project/repo & make some packages and such stuff. It works pretty well overall, I didn't have any problems with it for a long time anymore. But if you put it in a cron job, make sure to set up mail notifications so you know when it fails. And make sure not to use it around 0 UTC, the let's encrypt servers tend to be overloaded and unreliable around that time. I do think TLS is an awesome and important technology, but I do not like having to rely on yet another authority (the other one being DNS registrars) to be able to operate a webpage and other services. This is why I have also set up DANE. If some day, browsers start to finally support DANE, or free certificates become unavailable, I will immediately switch to self signed certificates (and keep DANE so they could still in theory get automatically validated). Regards, Daniel Abrecht ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
On 12/8/20 6:02 PM, Martin Steigerwald wrote: […] Other than a manual install, are there any alternatives? I am interested to hear how others are doing this. I am still using dehydrated. It is a simple shell script which just depends on curl, openssl and ca-certificates. There is an additional package for apache2 support, which just contains the site configuration for the web challenge thing, and one for DNS challenge. I think there is an alternative to it, called acme.sh. I never looked into it. Aside from that there is a huge ton of other ACME clients in various programming languages. AFAIR Let's Encrypt web page has a list. I found it at: https://letsencrypt.org/docs/client-options/ Thank you so much. I actually don't need anything messing with my Apache configs. I just need automatic renewal. I will study the various clients on that page. Best regards, Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Hi Simon. Simon Walter - 08.12.20, 09:41:15 CET: > It is nice to see that there is instructions for Devuan at > https://certbot.eff.org/lets-encrypt/devuanascii-apache and that they > don't say to use snapd. However, what has certbot become? > > I have yet to look at the source code, but there are a lot of > dependencies: > > The following NEW packages will be installed: >certbot python-certbot-apache python3-acme python3-augeas […] > Other than a manual install, are there any alternatives? I am > interested to hear how others are doing this. I am still using dehydrated. It is a simple shell script which just depends on curl, openssl and ca-certificates. There is an additional package for apache2 support, which just contains the site configuration for the web challenge thing, and one for DNS challenge. I think there is an alternative to it, called acme.sh. I never looked into it. Aside from that there is a huge ton of other ACME clients in various programming languages. AFAIR Let's Encrypt web page has a list. Best, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Your system is not supported by certbot-auto anymore.
It is nice to see that there is instructions for Devuan at https://certbot.eff.org/lets-encrypt/devuanascii-apache and that they don't say to use snapd. However, what has certbot become? I have yet to look at the source code, but there are a lot of dependencies: The following NEW packages will be installed: certbot python-certbot-apache python3-acme python3-augeas python3-certbot python3-certbot-apache python3-cffi-backend python3-configargparse python3-configobj python3-cryptography python3-idna python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pyasn1 python3-requests-toolbelt python3-rfc3339 python3-setuptools python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface Other than a manual install, are there any alternatives? I am interested to hear how others are doing this. Best regards, Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng