Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Free SSL/TLS Certificates Coming (Sept./Nov.) - Let's Encrypt! - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Free SSL/TLS Certificates Coming (Sept./Nov.) - Let's Encrypt!

2»

Comments

  • MaouniqueMaounique Host Rep, Veteran

    rm_ said: they are now giving you an opportunity to be forgetting to do that much more often

    Good one, except the process will be automatic... At least this is how I understand it.

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2015

    Maounique said: the process will be automatic

    Again, some of us (like me) never planned to bother with their "automation" software, I have my servers configured exactly the way I like, and I don't want some third-party program to mess all of that up, just for the sake of letting me get a "free cert".

    Thanked by 1berkay
  • MaouniqueMaounique Host Rep, Veteran

    rm_ said: Again, some of us (like me) never planned to bother with their "automation" software, I have my servers configured exactly the way I like, and I don't want some third-party program to mess all of that up, just for the sake of letting me get a "free cert".

    And, as I said, this offer is not for you or anyone which knows how to use other free certs (if they trust the issuers, I will always trust EFF more). This is like a kindergarten game, "let's paintencrypt" for the millions out there which cannot even grasp the concept, they just know that encryption is good and, even if the project does not reach it's goal, like maintaining an easy to use encryption framework for communications of all kinds, will still add tot he noise and make it harder for the spooks.
    You don't intend to use it? Fine, you are free not to.

  • eva2000eva2000 Veteran

    rm_ said: Again, some of us (like me) never planned to bother with their "automation" software, I have my servers configured exactly the way I like, and I don't want some third-party program to mess all of that up, just for the sake of letting me get a "free cert".

    Letsencrypt has both automated and manual methods of obtaining SSL certs. If you have non-Ubuntu based Apache/Nginx then you probably won't be able to use their automation anyway. For me with my Centmin Mod LEMP stack on CentOS I will have to use their manual method (until I can script it for automation for Centmin Mod LEMP). Example, of using Letsencrypt manual method for setting up Letsencrypt SSL on Centmin Mod Nginx https://community.centminmod.com/threads/letsencrypt-ssl-certificate-on-centmin-mod-nginx-http-2.4250/

  • rm_rm_ IPv6 Advocate, Veteran

    eva2000 said: Letsencrypt has both automated and manual methods of obtaining SSL certs.

    Point is, the 90 days validity makes using the manual method such a PITA, it might as well not exist.

  • perennateperennate Member, Host Rep

    eva2000 said: Letsencrypt has both automated and manual methods of obtaining SSL certs. If you have non-Ubuntu based Apache/Nginx then you probably won't be able to use their automation anyway. For me with my Centmin Mod LEMP stack on CentOS I will have to use their manual method (until I can script it for automation for Centmin Mod LEMP). Example, of using Letsencrypt manual method for setting up Letsencrypt SSL on Centmin Mod Nginx https://community.centminmod.com/threads/letsencrypt-ssl-certificate-on-centmin-mod-nginx-http-2.4250/

    Which is why rm_ is complaining about the ninety-day validity...?

  • berkayberkay Member

    rm_ said: a person gets better at a task they have to do six times a year than one they have to do once a year. People are less likely to make mistakes, and more likely to set up reminders and make sure there is backup for when they are on vacation.

    https://community.letsencrypt.org/t/maximum-and-minimum-certificate-lifetimes/264/12

    Yeah, seems like complete BS to me. They try to think for the people instead just issuing certs.

  • perennateperennate Member, Host Rep

    Maounique said: And, as I said, this offer is not for you or anyone which knows how to use other free certs (if they trust the issuers, I will always trust EFF more). This is like a kindergarten game, "let's paintencrypt" for the millions out there which cannot even grasp the concept, they just know that encryption is good and, even if the project does not reach it's goal, like maintaining an easy to use encryption framework for communications of all kinds, will still add tot he noise and make it harder for the spooks.

    Goal of providing free certificates is just as primary to the project I think, to make SSL more common on the web. I think the cost deters people far more than the complexity. The other sources of free certificates aren't as straightforward and are run by commercial entities so arguably have a higher chance of stopping providing new certificates at any time.

  • eva2000eva2000 Veteran
    edited August 2015

    rm_ said: Point is, the 90 days validity makes using the manual method such a PITA, it might as well not exist.

    Yeah that bugs me too.. which why I am looking at automating the manual process myself for integration into Centmin Mod LEMP stack as I am planning to do the same for paid SSL certs too - allow users to upload SSL cert files to server and I can automatically take those files and generate the Nginx SSL vhost and site structure automatically. Also why I'm pushing for more info for non-standard web configs for Letsencrypt manual mode etc https://github.com/letsencrypt/letsencrypt/issues/718. This way I take whatever SSL cert file the user inputs and generate a Nginx SSL vhost automatically.

Sign In or Register to comment.