Stories
Slash Boxes
Comments

SoylentNews is people

Meta: Site Certificates Updated

posted by martyb on Thursday March 14 2019, @02:30PM   Printer-friendly
from the certs-are-not-just-a-breath-mint dept.

martyb writes:

With many thanks to The Mighty Buzzard riding shotgun and helping me through some misunderstandings, I updated the certificates (certs) for all of SoylentNews' domains. Our certs are now good through: Wednesday, June 12, 2019.

Everything seemed to go as expected. If you experience any issues, please mention them here, or pop onto our IRC channel using your favorite client or the web interface and speak up in the #dev or #Soylent channel.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Meta: Site Certificates Updated | Log In/Create an Account | Top | 51 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Interesting) by Whoever on Thursday March 14 2019, @03:00PM (5 children)

    by Whoever (4524) on Thursday March 14 2019, @03:00PM (#814235) Journal

    I hope you are now automatically updating the certificates. It's quite easy to do this with Let's Encrypt.

    Starting Score:    1  point
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 5, Interesting) by martyb on Thursday March 14 2019, @03:08PM

    by martyb (76) Subscriber Badge on Thursday March 14 2019, @03:08PM (#814238) Journal

    Yes, it is possible. No, it's not likely. TheMightyBuzzard expressed misgivings about automagically updating DNS records. I must say I share, them, too. I see a couple places where some automation would come in handy, but I would still prefer to have a human in the loop... Just. In. Case.

    Besides, you are talking to the QA guy for the site. I am positively gifted in making things go sidedays which is NOT something you want happening in a running system.

    Do be aware that we have a total of 10 systems to keep in sync, as well.

    So, I'm not saying never, but it will be a long while before we would go fully automated, and there are reasons for it.

    --
    Wit is intellect, dancing.

  • (Score: 2) by isostatic on Thursday March 14 2019, @03:53PM (3 children)

    by isostatic (365) on Thursday March 14 2019, @03:53PM (#814265) Journal

    We should be pushing certificate lengths down to 3 month maximum at a minimum, and probably shorter than that.

    • (Score: 3, Informative) by NotSanguine on Thursday March 14 2019, @04:37PM (2 children)

      by NotSanguine (285) <{NotSanguine} {at} {SoylentNews.Org}> on Thursday March 14 2019, @04:37PM (#814287) Homepage Journal

      We should be pushing certificate lengths down to 3 month maximum at a minimum, and probably shorter than that.

      Three months is the default for Let's Encrypt certificates.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr

      • (Score: 2) by isostatic on Thursday March 14 2019, @08:17PM (1 child)

        by isostatic (365) on Thursday March 14 2019, @08:17PM (#814427) Journal

        And they want to go shorter than that, but given they issue something like a million certificates every day for free, they can't currently justify it.