[ale] Oct News: StartCom, WoSign distrusted by Mozilla, Google, Apple

Phil Turmel philip at turmel.org
Tue Mar 14 11:34:04 EDT 2017


This sounds like a great presentation topic.... (-:

On 03/14/2017 11:06 AM, TxMoose wrote:
> +1 for Let's Encrypt.  It is an excellent solution, as long as you're
> willing to put in an afternoon to:
> 
> 1. Understand what the platform is and is not for
> 2. Understand the limitations based on point 1
> 3. Properly configure your environment/automation, if you have any
> 4. Set up automation (read: a single cron command) to renew certs
> 5. Ensure you have audit procedures in place to prune unneeded certs
> when necessary
> 
> 
> I personally use LE for all my things, including my NextCloud instance,
> my email server, and my resume.  I have 2 machines that check for expiry
> every Monday at 2AM and replace certs that are within 30 days of
> expiring.  It is entirely automated, and I get emails that tell me what
> was and was not updated.
> 
> Let's Encrypt is, hands down, one of the best things that has ever
> happened to the modern internet.
> 
> ---
> Very respectfully,
> Kyle Brieden



More information about the Ale mailing list