Last night (actually, very early this morning) mechanicjay generated and installed new Let's Encrypt certs for our servers.
I made a quick check and everything seems to be in place. The old certs were due to expire right about now, so if you do have any issues, please pop onto IRC (preferred) or reply here and let us know!
Thanks mechanicjay!
(Score: 1, Interesting) by Anonymous Coward on Thursday June 17 2021, @01:13PM (5 children)
Out of interest, why not just run certbot and have it do that for you automatically? I'm probably missing something and asking a dumb question but if I have the question, then others likely do too, so I'll play the dumb one.
(Score: 4, Interesting) by janrinok on Thursday June 17 2021, @01:28PM
Explanation copied from IRC. SoyCow5342 is the AC who asked the question above.
I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
(Score: 0) by Anonymous Coward on Thursday June 17 2021, @02:52PM
... asking for a friend (he's so dumb, couldn't dumb it down enough).
(Score: 5, Informative) by mechanicjay on Thursday June 17 2021, @04:28PM (2 children)
My VMS box beat up your Windows box.
(Score: 1, Interesting) by Anonymous Coward on Friday June 18 2021, @05:17AM
No such API on BIND? What version are you running that doesn't support TSIG? That is the standard way to do this, after all. Just generate a TSIG key and restrict its update policy to TXT records for _acme-challenge.soylentnews.org.
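The TSIG setup described in the comment above, sketched as a BIND `named.conf` fragment (an added example, not part of the original thread and not the site's actual configuration). The key name `acme-update`, the zone file path and the secret are hypothetical placeholders.

```conf
# Key material would come from: tsig-keygen -a hmac-sha512 acme-update
# (key name is hypothetical; the secret below is a placeholder, not a real key)
key "acme-update" {
    algorithm hmac-sha512;
    secret "REPLACE_WITH_GENERATED_SECRET";
};

zone "soylentnews.org" {
    type master;
    file "dynamic/soylentnews.org.zone";   // hypothetical path
    update-policy {
        // Least privilege: this key may add or delete TXT records at
        // exactly this one name and nothing else in the zone.
        grant acme-update name _acme-challenge.soylentnews.org. TXT;
    };
};
```

With `update-policy` in place the zone becomes dynamic, so BIND keeps a journal for it and manual edits to the zone file need `rndc freeze` and `rndc thaw` around them.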
(Score: 0) by Anonymous Coward on Friday June 18 2021, @03:09PM
"Because Let's Encrypt requires a DNS TXT record for domain validation in order to pull wildcard certs."
We had this issue with Namecheap. It was reason enough for me to dump them, especially after they claimed that EFF's certificates were not as secure -- I trust eff.org FAR MORE than most of the paid certificates.
Now we use DreamHost. I don't know what other hosting companies support certbot, but I do know it is a p.i.t.a. to switch.