With many thanks to The Mighty Buzzard riding shotgun and helping me through some misunderstandings, I updated the certificates (certs) for all of SoylentNews' domains. Our certs are now good through: Wednesday, June 12, 2019.
Everything seemed to go as expected. If you experience any issues, please mention them here, or pop onto our IRC channel using your favorite client or the web interface and speak up in the #dev or #Soylent channel.
(Score: 3, Informative) by isostatic on Thursday March 14 2019, @08:32PM (3 children)
Looks like they moved to wildcard certs for
DNS Name: *.soylentnews.org
DNS Name: *.sylnt.us
DNS Name: soylentnews.org
DNS Name: sylnt.us
last July.
However, before then there were 17 certs with Let's Encrypt:
chat.soylentnews.org
chat.sylnt.us
dev.soylentnews.org
irc1.sylnt.us
irc2.sylnt.us
irc-logs.soylentnews.org
irc.soylentnews.org
irc-stats.soylentnews.org
irc.sylnt.us
lists.soylentnews.org
logs.sylnt.us
mail.soylentnews.org
postfixadmin.soylentnews.org
stats.sylnt.us
vm.soylentnews.org
webmail.soylentnews.org
wiki.soylentnews.org
There was also a cert for www.soylentnews.org with Gandi, but that expired last June. Go back to 2015 and there was also "chillax.soylentnews.org", which had a StartCom cert (I think they were free -- they were/are a Chinese CA that got into some wrongdoing a couple of years ago).
All of those appear to host pages on port 80, so I'm interested in the reason to not use /.well-known/acme-challenge authentication, with a weekly renewal cronjob running. Avoid spreading a wildcard cert/key so far and wide, and have nothing manual to do.
(Score: 2) by NewNic on Thursday March 14 2019, @08:52PM
Exactly.
It's very easy to have multiple names in a certificate with Let's Encrypt.
lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
(Score: 2) by The Mighty Buzzard on Thursday March 14 2019, @09:34PM (1 child)
You can't use http challenges for wildcard certs, must be dns-01.
My rights don't end where your fear begins.
(Score: 2) by isostatic on Friday March 15 2019, @04:35PM
Which goes back to the question of why use a wildcard cert.
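The trade-off argued in this thread, as an added example that is not part of any comment or of SoylentNews' own tooling: it checks which names a SAN entry covers (a wildcard matches one label only, which is why the apex domains are listed separately), which ACME challenge types an order can use, and how many names each host's key covers under a shared wildcard cert versus per-host certs. The function names and the four-host subset are assumptions made for the illustration.

```python
# Added example. SAN entries and hostnames are the ones quoted in the thread;
# HOSTS is a subset of the 17 names listed there.
WILDCARD_SANS = ["*.soylentnews.org", "*.sylnt.us", "soylentnews.org", "sylnt.us"]
HOSTS = ["chat.soylentnews.org", "irc.sylnt.us",
         "mail.soylentnews.org", "wiki.soylentnews.org"]


def san_matches(san, hostname):
    """True if one certificate SAN entry covers hostname.

    A wildcard stands for exactly one left-most label, so "*.example.org"
    covers neither "example.org" nor "a.b.example.org".
    """
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                      # ".soylentnews.org"
    if not hostname.endswith(suffix):
        return False
    label = hostname[:-len(suffix)]
    return bool(label) and "." not in label


def allowed_challenges(names):
    """ACME challenge types Let's Encrypt accepts for an order with these names."""
    if any(n.startswith("*.") for n in names):
        return ["dns-01"]                 # wildcard identifiers: DNS validation only
    return ["http-01", "dns-01", "tls-alpn-01"]


def exposure(deployment, names):
    """deployment maps host -> SAN list of the cert/key installed on it.

    Returns host -> the names that key is valid for, i.e. what has to be
    treated as compromised (and re-issued) if that one host is.
    """
    return {host: sorted(n for n in names if any(san_matches(s, n) for s in sans))
            for host, sans in deployment.items()}


if __name__ == "__main__":
    shared = exposure({h: WILDCARD_SANS for h in HOSTS}, HOSTS)
    per_host = exposure({h: [h] for h in HOSTS}, HOSTS)
    for h in HOSTS:
        print(f"{h}: wildcard key covers {len(shared[h])} names, "
              f"own key covers {len(per_host[h])}; "
              f"per-host challenges: {allowed_challenges([h])}")
    print("wildcard order challenges:", allowed_challenges(WILDCARD_SANS))
```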