El Reg reports:
Hoping to expand the pool of Let's Encrypt testers, TrueCrypt audit project co-founder Kenneth White has run up a set of scripts to automate the process of installing certificates under the Mozilla-backed open CA.
White, co-director of the Open Crypto Audit Project, has posted the work at Github, here. He explains that the project is quite simple, consisting of Python scripts to "stand up the official Let's Encrypt certificate management ACME client tool" in the target environments.
These include Debian, Amazon's Linux (for AWS), CentOS, RedHat, and FreeBSD.
[...] White says [...] the official client "can be fragile and error-prone on some systems".
Having had to batter his own head against the client, White [...] says he cleaned up the process in his scripts to make Let's Encrypt more accessible to other users.
He warns against running either the Let's Encrypt client or his scripts in production systems:
"LE is still in beta and has some rough edges", White notes, "including silently invoking sudo and installing quite a few development packages".
Previous: The "Let's Encrypt" Project Generates Root and Intermediate Certificates
Let's Encrypt Has Issued Its First Gratis SSL/TLS Certificate
(Score: 0) by Anonymous Coward on Tuesday November 10 2015, @07:49PM
No such thing.
(Score: 2) by davester666 on Wednesday November 11 2015, @03:39AM
you hope there is "no such thing"
(Score: 2) by PizzaRollPlinkett on Tuesday November 10 2015, @08:01PM
Hey, this is a good technical story that I like. But the headline doesn't parse. You read it and ask how you encrypt gets.
"Let's Encrypt" Software Gets Automation
Testers Get "Let's Encrypt" Automated Scripts
I like the second one, especially if you could work Python into it, because it tells you this is a cool technical story you want to read.
(E-mail me if you want a pizza roll!)
(Score: 2) by frojack on Wednesday November 11 2015, @01:04AM
Had you been paying attention to Let's Encrypt all along, this would be a non-story, because automation of the certificate process was the WHOLE focus of Let's Encrypt.
The automation handles the application process, as well as the installation process, as well as the refresh process for certificates that occurs every 90 days. (Yes, short duration certs are preferable).
The scripts are all right there at the second link for anyone to see.
No, you are mistaken. I've always had this sig.
(Score: 2) by opinionated_science on Tuesday November 10 2015, @08:04PM
https://github.com/diafygi/letsencrypt-nosudo [github.com]
(Score: 2) by frojack on Wednesday November 11 2015, @01:12AM
From your own link:
There is only one command that needs to be run as root on your server and it is a very simple python https server (sic) that you can inspect for yourself before you run it.
A distinction without a difference. The other scripts are available for inspection too.
But your point is valid, using either method would be allowing some third party to make changes to your computer. What should happen is that these scripts should run as a special user on Linux, and that user should be highly restricted in any sudo command it could invoke.
(Of course this involves editing your sudoers.)
No, you are mistaken. I've always had this sig.
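One way to check the restriction described in the comment above, as an added example that is not part of the original thread or of either project's scripts: a small audit that flags every sudo grant to a dedicated certificate user that falls outside an allowlist. The `acme` account, the allowlist and the sample sudoers lines are constructed assumptions, and the parser handles plain user specs only.

```python
import re

# Constructed sample: a sudoers drop-in for a hypothetical dedicated "acme" user.
SAMPLE_SUDOERS = """\
# /etc/sudoers.d/acme  (constructed sample)
Defaults:acme !setenv
acme ALL=(root) NOPASSWD: /usr/sbin/service nginx reload
acme ALL=(root) NOPASSWD: /usr/bin/apt-get install *
acme ALL=(ALL) ALL
www-data ALL=(root) NOPASSWD: /bin/true
"""

# Assumed allowlist: the only command the certificate user may run as root.
ALLOWED = {"/usr/sbin/service nginx reload"}

# user host=(runas) [TAG:] command[, command...]
SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...


def audit_sudoers(text, user, allowed):
    """Return (line_no, command, reason) for each grant to `user` not in `allowed`.

    Simplified: no aliases, groups, includes or escaped commas.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SPEC.match(line)
        if not m or m.group("user") != user:
            continue
        for cmd in m.group("cmds").split(","):
            cmd = TAG.sub("", cmd.strip())
            if cmd == "ALL":
                reason = "unrestricted root"
            elif any(c in cmd for c in "*?["):
                reason = "wildcard in command"
            elif not cmd.startswith("/"):
                reason = "not an absolute path"
            elif cmd not in allowed:
                reason = "not on allowlist"
            else:
                continue  # exact match with an allowlisted command
            findings.append((no, cmd, reason))
    return findings
```
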
(Score: 2) by FatPhil on Wednesday November 11 2015, @06:14PM
Which means that other shit is being run as root, and this script is "protecting" you from having to know that. Nice.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday November 10 2015, @08:26PM
I still have to connect to open wifi networks. https plz.
(Score: 2) by Zinho on Tuesday November 10 2015, @09:04PM
I still have to connect to open wifi networks. https plz.
Yep, that's what this project is trying to make happen. The LetsEncrypt.org domain is enabled by default in the EncryptedWeb add-on for Pale Moon, so they're leading by example. The sooner Web administrators have easy access to self-signed certificates trustable by everyone's browsers the better off we'll all be.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 4, Informative) by draconx on Tuesday November 10 2015, @09:31PM
These aren't self-signed certs. They are domain validated (DV) certs signed by the Let's Encrypt certificate authority.
(Score: 2) by Zinho on Wednesday November 11 2015, @02:39PM
Even better, thanks for the correction.
"Space Exploration is not endless circles in low earth orbit." -Buzz Aldrin
(Score: 0) by Anonymous Coward on Tuesday November 10 2015, @08:58PM
As of the last article my Pale Moon install wasn't working with their new keys. Today it does. I'm glad to see them making progress on this, self-signing should not be a second-class ghetto for Internet security.
Test your browser, [letsencrypt.org] see whether you're ready for the new CA to come online.
(Score: 0) by Anonymous Coward on Wednesday November 11 2015, @01:03PM
Just give me the cert pack and let me install it myself. Why the hell is that too much to ask for? I can be trusted to run a server but not to install my own certs? FAIL...
(Score: 2) by tempest on Wednesday November 11 2015, @03:18PM
If you want to apply for a free certificate you install yourself, StartSSL already offers them.
(Score: 2) by urza9814 on Thursday November 12 2015, @09:04PM
According to their website [letsencrypt.org], you can install these certs manually too if you'd like. But since they only issue 90 day certs, they suggest you automate it.