Stories
Slash Boxes
Comments

SoylentNews is people

Meta

Site Updates: New Let's Encrypt Certs Installed on Our Servers Early This Morning

posted by martyb on Thursday June 17 2021, @11:19AM   Printer-friendly

martyb writes:

Last night (actually, very early this morning) mechanicjay generated and installed new Let's Encrypt certs for our servers.

I made a quick check and everything seems to be in place. The old certs were due to expire right about now, so if you do have any issues, please pop onto IRC (preferred) or reply here and let us know!

Thanks mechanicjay!

Original Submission

 
This discussion has been archived. No new comments can be posted.
Site Updates: New Let's Encrypt Certs Installed on Our Servers Early This Morning | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by mechanicjay on Thursday June 17 2021, @04:28PM (2 children)

    by mechanicjay (7) <reversethis-{gro ... a} {yajcinahcem}> on Thursday June 17 2021, @04:28PM (#1146566) Homepage Journal
    Because Let's Encrypt requires a DNS TXT record for domain validation in order to pull wildcard certs. As we run our own bind and don't rely on a "DNS provider" with an API that certbot can twiddle, it makes it a manual process. Once we have the cert, the installation and service restarts are all scripted.
    --
    My VMS box beat up your Windows box.
    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 1, Interesting) by Anonymous Coward on Friday June 18 2021, @05:17AM

    by Anonymous Coward on Friday June 18 2021, @05:17AM (#1146857)

    No such API on BIND? What version are you running that doesn't support TSIG? That is the standard way to do this, after all. Just generate a TSIG key and restrict its update policy to TXT records for _acme-challenge.soylentnews.org.

  • (Score: 0) by Anonymous Coward on Friday June 18 2021, @03:09PM

    by Anonymous Coward on Friday June 18 2021, @03:09PM (#1146965)

    "Because Let's Encrypt requires a DNS TXT record for domain validation in order to pull wildcard certs."

    We had this issue with namecheap. It was reason enough for me to dump them, especially after they claimed that eff's certificates were not as secure -- I trust eff.org FAR MORE than most of the paid certificates.

    Now we use dreamhost. I don't know what other hosting companies support certbot, but I do know it is a p.i.t.a. to switch.