Arstechnica reports
In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.
[....]Many hosting providers already support the registration of Let's Encrypt certificates to varying degrees. But Let's Encrypt's free certificate offering hasn't been snapped up by some larger hosting providers—such as GoDaddy—who also sell SSL certificates to their customers.
(Score: 2) by urza9814 on Wednesday March 14 2018, @04:49PM (3 children)
Seriously. I *really* could have used this about a year ago, but now I've invested quite a lot of time into building a system to work around the requirement to validate each individual subdomain.
I've got different certs on each VM, but all the VMs are behind one IP address...so some reverse proxy and NAT strangeness lets me twist that service just right so I can have one server generate all the certs (and that's all it does...no web server, no open ports) which then copies the validation files to my web servers. My domains all point to that one IP, and anything hitting port 80 gets redirected to that domain's web server VM which serves the validation files. Then the certs get generated and copied out to whatever server actually needs them. Which was a huge pain to set up, but now I'm not redoing that crap until one of these scripts breaks...
Of course, that was still easier to set up than the ONE domain that I actually manage the way LE expects you to. I've got one site hosted on Gandi.net, and there's a plugin for the official certbot which lets you generate certs for their infrastructure...but EVERY SINGLE TIME I generate that cert I have to reinstall and reconfigure that plugin first for some reason...
LE is a huge PITA to use...but it still beats spending a couple hundred bucks for a paid cert. And adding wildcard certs should make it far easier at least in terms of the issues I usually have in my (admittedly non-standard) use case...
(Score: 2) by richtopia on Wednesday March 14 2018, @05:47PM
My situation is similar as I self-host a number of services in my house, so one IP and reverse proxy to direct traffic. I never implemented HTTPS as my website is just static content, but I probably will setup a wildcard certificate now that they exist. I think it will be particularly nice for firing up new web services in a separate docker container for demonstration purposes that isn't intended for production.
(Score: 2) by bob_super on Wednesday March 14 2018, @06:45PM (1 child)
> LE is a huge PITA to use...but it still beats spending a couple hundred bucks for a paid cert.
How many hours of extra work qualify as "a huge PITA" ?
Just wondering about diminishing returns.
(Score: 2) by urza9814 on Wednesday March 14 2018, @07:12PM