[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple
DJ-Pfulio
DJPfulio at jdpfu.com
Tue Mar 14 11:46:24 EDT 2017
On 03/14/2017 11:06 AM, TxMoose wrote:
> +1 for Let's Encrypt. It is an excellent solution, as long as you're
> willing to put in an afternoon to:
Using LE here too for a few personal services where I had self-signed
certs. Plan to move some others over when the paid certs expire.
If you are on apache, LE is bonehead simple.
Last time I checked, for nginx, it was manual.
My crontab isn't renewing, but since it runs every 75 days, it hasn't
been an issue to manually run the update. Figure it must be an
environment thing. ;)
A presentation on Let's Encrypt is 3 minutes, at least for Apache.
sudo apt install letsencrypt python-letsencrypt-apache
sudo letsencrypt --apache --agree-tos --email webmaster at example.com \
-d ssl.example.com
sudo vi /etc/apache2/sites-available/ssl.example.com.conf
# check that everything is fine; it was here.
sudo systemctl reload apache2
# Setup a reminder or crontab to renew the certs on each machine. Only 1
renew request is needed per VM, every 90 days.
More information about the Ale
mailing list