New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
As its design should make wildcard certs completely useless, as its designed to get a cert for every address the server actually uses. Its designed so that certs get automatically created, the server manager is completely hands off in their best case scenario.
While HTTP servers should be Lets Encrypt compatible pretty quickly its going to be less of a case with other software that needs certs, e.g. mail servers.just read their FAQ and they specifically are only going to be issuing HTTP server compatible certs, so cert sellers still have a market - e.g. mail servers.That's f*cking weird dude. Wtf? Are you some wizard or something? How did you know? I am both a bitter old man AND the owner of Comodo. Wow, amazing, I'm stunned by your accuracy!
Some mail servers, murmurd and other daemons actually accept certificates like these.
Yes, I was already aware of it and If I remember well they have also opened beta testing.
You would need to apply for it.
Excuse my question but I never setup a mail server because I always used stuff like Mandrill, Sendgrid and etc plus Zoho/Yandex for custom domain e-mails hosting.
So here is the question: What is different from the SSL certificates for e-mail servers???
A lot of people have dozens or even hundreds of subdomains so that is not really practical for them. If it's for legit stuff it's worth it for them to continue buying commercial wildcard certs so not a big deal.
Does anyone know if Lets Encrypt supports control panels like cPanel and Directadmin?
How is it not practical? All the server will do is add another subdomain to an existing cert, or create a new cert - automatically. The user / server admin should have no interaction in the process it all, the plugin to your HTTP server does everything for you. It really is a completely different way of working than currently happens with SSL certs, and in a lot of ways its significantly better.
Bigger thing is they will never do EV certs, so for most commercial sites its not suitable.
cPanel staff are working on it. They even met th LetsEncrypt founder in a cPanel summit. I'm on cellphone, don't have the links here, there is a post about it and a cPanel feature request with many votes. It will take a bit, though.
yeah cpanel has a feature request for this https://features.cpanel.net/topic/provide-support-for-lets-encrypt-automated-certificate-management-ssl
if you have a non-standard apache or nginx build or non-ubuntu or non-debian OS, you might want to look into letsencrypt's web root authentication plugin which was recently merged into the master code.
webroot authentication plugin allows you to pass the nginx or apache or whatever web server's web root path to the letsencrypt client for simple HTTP verification to an existing HTTPS setup vhost that you created that supports the .well-known url with application/jose+json content type header
Here's how I use letsencrypt web root authentication integration into Centmin Mod LEMP stack for the latest letsencrypt client tool code https://community.centminmod.com/posts/19859/ (1st post above in that thread has more details). I plan to have Letsencrypt fully integrated into Centmin Mod's Nginx vhost auto generator once Letsencrypt client code is finalised
Inb4 pages selling SSL using LetsEncrypt xD
@MrGeneral @eva2000 Thanks for the information. Still wondering about Directadmin though, the only thing there is an unanswered forum post.
I don't have a problem with constructive criticism, but I find people too often give the impression that they think their preferred way is the only way that is right and anyone who doesn't make what they want possible had better sort their stuff out ASAP. People are taking the faults that they see personally.
"I think X is bad because Y", "A could be better in B", "there is no way I'd use C because D", "I'm not sure I see the point of E when F, G and H already exist" and similar are all fine and potentially useful discussion points.
Ad hominem attacks like "basically they are arrogant idiots" are, ironically, arrogant and idiotic IMO, even if they are arrogant idiots unless the arrogance or some other part of their behaviour is potentially damaging (perhaps spreading bad advice that lowers security) and/or is being forced on people.
Of course I may be reading the emotional level of what is written too strongly and accidentally stirring some of what I'm speaking against, text can be a bad medium for that...
So let me ask again
.
What exactly is so different with SSL certificates for mail servers?
Nothing?
So tell me why in the previous posts people make fuzz about it so much? Use a self signed certificate for mail server and done.
Self signed carries warnings, so if you've got clients and they use webmail then it's a no go.
You also don't want to go and have to install the cert manually on each machine that accesses that server.
Nothing. But to say the truth, I think that the first user to speak about mail server certificates got confused. He should be talking about S/MIME certificates that are, of course, structurally different from server certificates. Let's Encrypt will only generate server certificates. S/MIME certs (client certificates) and object code signing certificates will not be generated but you can actually user the CSR/KEY/CRT combination of a default Let's Encrypt SSL certificate to generate other certs type and it can be obviously automated using openssl tools.