[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] letsencrypt.org





On Wed, 13 Sep 2017 at 23:08 Jason Cooper <cryptography AT lakedaemon.net> wrote:
Hi Bayuk,

On Wed, Sep 13, 2017 at 02:18:40PM -0400, Bayuk wrote:
> Has anyone on this list contributed to  https://letsencrypt.org/ - and/or
> otherwise have personal experience, caveats, recommendations with respect to
> the current service or roadmap?

It's extremely useful, with the caveat that certificates are only valid
for 90 days (by design), and require admin privileges to install.

To maximize it's usefulness, it's worth the time investment to set up a
cron job to automatically renew the certs.  Note that this must run as
root (admin).

Mine doesn't, it does everything as a low privilege user and then has sudo privileges to restart apache.

Robin
 

The good folks over in BSD-land created a nice, privilege-separated tool
for this task, acme-client [1].  I've been using for quite a while
(before it was renamed from letskencrypt), and been really happy.

Good luck,

Jason.

[1] https://kristaps.bsd.lv/acme-client/
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography