On Thu, 6 Sep 2018, Louis Kowolowski wrote:
I also created /etc/letsencrypt/renewal-hooks/post/apache-restart:
#!/usr/bin/bash
/usr/bin/systemctl restart httpd.service >/dev/null 2>/dev/null
I"m not familiar with apache any more (haven't really used it in
probably a decade). If loading in
On Sep 6, 2018, at 11:02 AM, Paul Heinlein wrote:
>
> On Wed, 5 Sep 2018, Louis Kowolowski wrote:
>
>> I believe that you can run the renew frequently and it won't actually renew
>> until the time is right. Something like daily/weekly cron.
>>
>> Also, you want to make sure that when you
On Wed, 5 Sep 2018, Louis Kowolowski wrote:
I believe that you can run the renew frequently and it won't
actually renew until the time is right. Something like daily/weekly
cron.
Also, you want to make sure that when you renew, that it triggers a
reload for your web server. Otherwise the
I can confirm both of Louis' comments:
- you can run it daily and it doesn't abuse their server or change the
certificate until <30 days remain. That's the setup I use daily in cron,
but shown here from the command line:
# letsencrypt renew
Processing /etc/letsencrypt/renewal/www.q42.me.conf
I believe that you can run the renew frequently and it won't actually renew
until the time is right. Something like daily/weekly cron.
Also, you want to make sure that when you renew, that it triggers a reload for
your web server. Otherwise the new cert won't be picked up and you'll be
On Wed, 5 Sep 2018, Tomas Kuchta (and several others) wrote:
LetsEncrypt.org
Thanks to everyone who chimed in! The setup for LetsEncrypt was pretty
easy using certbot, so I've installed a new key/cert/chain and will
try living with it for a while.
Supposedly it will be eligible for
Are there any other authorities other let's encrypt with free as in freedom
purpose?
LetsEncrypt.org
Unless of course you need cert for somebody else's web.
Tomas
On Wed, Sep 5, 2018, 12:49 PM Louis Kowolowski
wrote:
> If you're OK with the added requirement of having to renew the cert every
If you're OK with the added requirement of having to renew the cert every 3mo,
and the machine is publicly reachable (either directly or indirectly) on tcp/80
and tcp/443, LetsEncrypt is probably a reasonable choice (as others have
pointed out). There are a number of tools available for
On 09/05/2018 11:09 AM, Alexandre Bedard wrote:
On 9/5/2018 10:59 AM, Paul Heinlein wrote:
So what CAs do you all favor these days?
Have you tried https://letsencrypt.org/ ?
Free, publicly trusted SSL certificates. One of the differences between
this and traditional commercial CA's is that
Letsencrypt++. Free, good browser coverage, easy administration with
certbot or equivalent.
On Wed, Sep 5, 2018, 11:11 Alexandre Bedard wrote:
>
> On 9/5/2018 10:59 AM, Paul Heinlein wrote:
> > So what CAs do you all favor these days?
>
> Have you tried https://letsencrypt.org/ ?
>
> Free,
On 9/5/2018 10:59 AM, Paul Heinlein wrote:
So what CAs do you all favor these days?
Have you tried https://letsencrypt.org/ ?
Free, publicly trusted SSL certificates. One of the differences between
this and traditional commercial CA's is that the certificate is due for
renewal every 90
The SSL certificate for my web site is due to expire in a few days.
I'm not beholden to my current certificate authority (CA) and my
requirements are pretty standard:
* decent browser support
* modern crypto
* quick turnaround on requests
I have no problem using chained certificates if
12 matches
Mail list logo
