Is anyone using LET Providers for production?

Comments

• ralf Member

  December 2024 edited December 2024

  @network said:

  @ralf said: round-robin DNS

  Nice, I'm planning to try that out myself with 2 low end boxes. Currently trying to figure out how this will work with LetsEncrypt SSL certificates.

  I use this makefile on my certbot VM:

  all: de.tar
  
  DOMS = mydomain.com otherdomain.com anotherdomain.com
  
  PEMS = $(patsubst %,%.pem,$(DOMS))
  
  hetz: haproxy-hetz.mydomain.com.apply
  eu: eu.mydomain.com.apply
  sg: sg-haproxy.mydomain.com.apply
  
  eu.mydomain.com.tar: $(PEMS) eu.mydomain.com.pem
          tar cf $@ $?
  
  sg-haproxy.mydomain.com.tar: $(PEMS) sg.mydomain.com.pem
          tar cf $@ $?
  
  haproxy-hetz.mydomain.com.tar: $(PEMS) de.mydomain.com.pem
          tar cf $@ $?
  
  %.apply: %.tar
          cat $< | ssh root@$* /root/update-pem
  
  %.pem: .renew
          cat /etc/letsencrypt/live/$*/fullchain.pem /etc/letsencrypt/live/$*/privkey.pem >$@
  
  .renew:
          certbot renew -q --standalone --http-01-port 8080 --preferred-challenges http-01
  

  And then cron jobs (on different days, so I have some time to notice a failure without them all going down at the same time): e.g. 9 6 * * 1 make -C /root hetz

  The /root/update-pem on each haproxy instance looks like:

  #!/bin/sh
  mkdir -p /etc/haproxy/certs
  mkdir -p /etc/haproxy/certs.old
  mv /etc/haproxy/certs/* /etc/haproxy/certs.old
  tar -C /etc/haproxy/certs -x -f-
  chown haproxy /etc/haproxy/certs/*.pem
  chmod 600 /etc/haproxy/certs/*.pem
  /etc/init.d/haproxy restart
  

  EDIT: oh, and the important stuff on the haproxy instances in the config:

          # Default SSL material locations
          ca-base /etc/ssl/certs
          crt-base /etc/ssl/private
  
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/
    bind :::80
    bind :::443 ssl crt /etc/haproxy/certs/
  
    acl url_android_assetlinks path /.well-known/assetlinks.json
    acl url_certbot path_beg /.well-known/
    http-request redirect scheme https if !{ ssl_fc } !url_certbot
    use_backend web_pool if url_android_assetlinks
    use_backend certbot if url_certbot
  
  backend certbot
    server certbot 192.168.x.x:8080
  

  Where 192.168.x.x is the wireguard IP of the certbot VM, so that the HTTP authentication works whichever host ends up serving the auth request for that domain.

  Thanked by 3emgh network s12321
• Verasel Member

  December 2024

  I have customers, from various niches using providers such as:

  • ColoCrossing
  • FranTech
  • DataWagon
  • InterServer
  • ReliableSite
  • Hetzner (obviously)

  I am probably forgetting of a couple, but most of these are quite stress-tested and will work for production just as fine, except in some cases, such as with FranTech, you probably have to do 2 VM's in conjunction in case one node has a failure, etc.

  But generally speaking, you won't have issues with any of aforementioned providers.
• BradMcA Member

  December 2024

  @NameCrane so far so solid for direct admin reseller

  Thanked by 2emgh NameCrane
• rcy026 Member

  December 2024

  @plumberg said:

  @rcy026 said:

  @plumberg said:

  @rcy026 said:

  @plumberg said:

  @sandro said:
  Also how can GreenCloudVPS (mentioned a lot) be reliable for production with these very low prices? https://greencloudvps.com/billing/store/budget-kvm-sale

  Why does high price equate high quality?

  It does not, but a low price means corners are cut somewhere. High price does not automatically mean high quality, but a low price can only get you so much quality.

  Generally speaking, yes.
  But this was specifically commented for GreenCloud. I do not see them cutting corners anywhere. Their service has been top notch. Support very responsive and helpful.

  The general consensus and I have a few services with them and they have been as reliable as one could imagine. Infact surpassing what one would typically pay for that quality of support and service.

  .

  What I meant was that there is a reason some vps's cost hundreds of dollars a month, while some costs $7 per year.

  I am curious on what your thoughts would be if Aws/ Azure or gcp offered services at 7/ year.
  Just hypothetical.

  They do, some of them even have a free tier.
  But those services do come with limitations, such as basically no SLA, not support, no guarantees. So once again, if you accept those limitations, it's a perfect product for you. If you have high demands when it comes to reliability and need guarantees, it is not.

  If you think the big ones would offer the kind of products I talk about for $7/year, that's not gonna happen, it is not even theoretically possible unless they are prepared to take a huge economic loss, which they are not. They did not get big by being stupid.
  Small players simply cant provide it since they don't have the resources for it, they don't have the infrastructure needed and even if they did they don't have enough money to be able to take the loss of selling it for $7.
  So as I said, those kind of products costs a lot more than $7 and there is a reason for it.
• rcy026 Member

  December 2024

  @plumberg said:

  In one of my work projects, the company had invested over 100M$ to Azure and still the response times / acknowledgement of issues by support took long time to acknowledge, let alone be fixed.

  If that was the case, why did you use Azure? It certainly does sound like they were unable to deliver what you needed.

  As I have said several times now, high price does not automatically mean high quality. That would be an insanely stupid assumption to make.
  But a very low price mean that there are some limitations. That is a completely logical and sane assumption to make.