Follow-up on @letsencrypt: I am not so optimistic about it as the folks who replied to my previous inquiry. It seems pretty unstable (for example, they just broke all currently installed versions on the 9th!), and a lot of stuff doesn't even work out-of-the-box...
It's not that Let's Encrypt goes down - it's that your _client_ may be rejected, as happened in January. At that point, you have to have planned ahead and had some way for your Let's Encrypt cron job to _email you_ and let you know this, so you can go manually update it!
That is just not a sane thing to be happening in the supposedly automated security part of the subsystem, IMO, so I am sticking with predictably installed 3-year SSL certificates.
Well, the clients being rejected was a security issue in the protocol itself - those should be ironed out over time. Also, most clients I've seen, including Certbot, support multiple validation methods and will choose whichever the server allows.
Even today, if you are up-to-date on Debian, certbot cannot get a certificate with the default install. "Ironed out over time" is not exactly something I want to hear about something critical to my website staying up :)
If you define MAILTO=<email address> in cron (and set up email on Linux), cron sends you an email after every job.
They’ll email you if your certificates are due to expire and have not been renewed... it’s not your client, it’s their server, but last time there my client failed to update, these emails gave plenty of time to have no downtime.