You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
The recent @letsencrypt shutdown of TLS-SNI-01 validation (due to idiotic hosting providers) is very disappointing. It was by far the most convenient, hands-off, universal validation mechanism. https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188 …
DNS-01 requires making all my DNS zones dynamic, which is a PITA and increases complexity. HTTP-01 requires pre-provisioning site configs and having a mutable webroot. TLS-SNI-01 was great because it didn't clash with actual production configs at all so it always worked.
The closest thing to the previous hands-off behavior I can think of is using iptables to send port 80 to some other port, and deploying an nginx config that passes that through to port 80 on self except for the well-known ACME paths. But ugh.
I guess a less ugly method would be to have the default vhost serve the ACME challenges and then having an include to add that functionality in every additional port 80 vhost. Still ugh.
For what it’s worth, this is technically not the case. You can CNAME your _acme-challenge labels into a single dynamic validation zone.
Ex: _acme-challenge.mywebsite.com CNAME _acme-challenge.mywebsite.mydynamiczone.mywebsite.com.
I'm using: location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" { set $challenge $1; if ($http_user_agent !~ "letsencrypt") { return 444; } default_type text/plain; return 200 "$challenge.$acme_account_thumbprint"; } see https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode …
I disagree. I have manually added the necessary zone contents without dynamic DNS (as in nsupdate) support. Dynamic is easier but not strictly required.
Wanna sign up to manually do the 2-monthly renewals for me for free? I have about 40-odd certificates for 100+ (sub)domains, so that's one every couple of days on average ;)
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
