Let's Encrypt! #security
After applying to join the Let's Encrypt beta program a while back, I got an email with an invite for the domains I registered.
Yesterday I set it up, using the '--standalone' mode of the letsencrypt-auto program - so I had to close down the webserver while it ran - and configured Apache to use the certificate obtained.
Very nice, and very nice job by the people working on Let's Encrypt!
I missed a good handful of my (sub)domains, so I have applied for those, and I am planning to get a certificate for use by my mail server, and one for my XMPP server next.
And then I need to automate the renewal of certificates - Let's Encrypt have chosen than certificates are valid for 90 days, making the downside of a security breach relatively small, while also encouraging people to automate the process.
Add comment
To avoid spam many websites make you fill out a CAPTCHA, or log in via an account at a corporation such as Twitter, Facebook, Google or even Microsoft GitHub.
I have chosen to use a more old school method of spam prevention.
To post a comment here, you need to:
- Configure a newsreader¹ to connect to the server
- Open the newsgroup called
¹ Such as Thunderbird, Pan, slrn, tin or Gnus (part of Emacs).koldfront.dk
on port1119
using nntps (nntp over TLS).lantern.koldfront
and post a follow up to the article.Or, you can fill in this form: