[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple

TxMoose kyle at txmoose.com
Tue Mar 14 11:57:25 EDT 2017


I'm already in for a presentation on Salt Stack and haven't even been to 
a meeting yet! :D

That being said, I'd be happy to give a presentation on LE, but it is, 
like DJ said, bonehead simple.  I could maybe talk for 15 minutes, and 
that's really stretching the "use it for this, don't use it for that" 
stuff.

And yes, nginx is "manual", but certbot provides a post-hook utility, so 
there's nothing manual about it.

root at mail:~# crontab -l
MAILTO=kyle at txmoose.com
30 2 * * 1 /opt/certbot-auto renew --post-hook "service nginx reload"


That's my crontab on my mail server.  This check for renewal of 4 certs 
every Monday night.  And that's it.  I read the email every few weeks to 
see when something happened, and I'm good.

---
Very respectfully,
Kyle Brieden

On 14-03-2017 11:46, DJ-Pfulio wrote:
> On 03/14/2017 11:06 AM, TxMoose wrote:
>> +1 for Let's Encrypt.  It is an excellent solution, as long as you're
>> willing to put in an afternoon to:
> 
> 
> Using LE here too for a few personal services where I had self-signed
> certs. Plan to move some others over when the paid certs expire.
> 
> If you are on apache, LE is bonehead simple.
> Last time I checked, for nginx, it was manual.
> 
> My crontab isn't renewing, but since it runs every 75 days, it hasn't
> been an issue to manually run the update. Figure it must be an
> environment thing. ;)
> 
> A presentation on Let's Encrypt is 3 minutes, at least for Apache.
> 
>  sudo apt install letsencrypt python-letsencrypt-apache
> 
>  sudo letsencrypt --apache --agree-tos --email webmaster at example.com \
>                   -d ssl.example.com
> 
>  sudo vi /etc/apache2/sites-available/ssl.example.com.conf
>    # check that everything is fine; it was here.
> 
>  sudo systemctl reload apache2
> 
> # Setup a reminder or crontab to renew the certs on each machine. Only 
> 1
> renew request is needed per VM, every 90 days.
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


More information about the Ale mailing list