* Re: Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates)
@ 2021-06-01 13:17 99% ` karl
0 siblings, 0 replies; 1+ results
From: karl @ 2021-06-01 13:17 UTC (permalink / raw
To: gentoo-user
Michael Orilitzky:
...
> * The LetsEncrypt certificates expire after three months, as opposedÂ
> to 10+ years for a self-signed certificate. You're supposed toÂ
> automate this... by running a script as root that takes input fromÂ
> the web? I'd rather not do that.
You can run most part of it as an unpriviliged user, here is my crontab:
0 0 1 * * acme /usr/local/sbin/acme_update.sh
10 0 1 * * root cat /etc/acme-tiny/domain.key /var/acme-tiny/signed_chain.crt > /etc/lighttpd/server.pem
20 0 1 * * root /etc/init.d/lighttpd restart
One could add a check to make sure that the downloaded crt is sensible.
> * LetsEncrypt verifies your identity over plain HTTP (like every otherÂ
> commercial CA), so it's all security theater in the first place.
...
Ack.
Regards,
/Karl Hammar
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-29 1:08 [gentoo-user] app-misc/ca-certificates zcampe
2021-06-01 5:15 ` William Kenworthy
2021-06-01 10:44 ` Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates) karl
2021-06-01 11:17 ` J. Roeleveld
2021-06-01 11:40 ` Michael Orlitzky
2021-06-01 13:17 99% ` karl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox