I just finished updating the certs for SoylentNews.
We get our certs through Let's Encrypt. Yes, we could automate the whole process, but it has been discussed and decided that given our... unique configuration, it is better to have a human in the loop than to let a script somehow run amok and then try to restore things when who-all-knows-what got deployed and things have gone sideways.
I have checked our web sites for production, dev, and staff as well as sending and retrieving e-mail; all seemed to be okay.
More than anything else, this is a check on us to see if we (well, me, actually) overlooked anything. If you do detect any issues, please post a comment to this story.
(Hat tip to The Mighty Buzzard for standing by in case I bollixed up something.)
[Update: Unless, of course, you cannot post a comment to this story! Then pop onto the #Soylent channel on our Internet Relay Chat (IRC) server and let us know over there. --martyb]
(Score: 1, Insightful) by Anonymous Coward on Thursday August 22 2019, @06:00PM
After over 10 years of browsers screaming blue murder over self-signed certs, and several high-profile cases of de facto censorship via cert-withdrawals (e.g. Sci-hub), I've turned off the idea of site certification being a good thing.
The usual mantra uttered here is "Security = Encryption + Authentication". But we've learned to our cost that "Authentication = Money*Money - Censorship^Politics".
Like a lot of modern "meta-site" infrastructure, Certs are becoming a mandatory but less than reliable requirement for running a website, increasing both cost and complexity and making simple, small scale websites ever less feasible. An Internet protection rent charged by third parties as a cost of getting your content online "on your own computer". All websites used to need was a PC in a garage and a domain name.