* Re: Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates)
@ 2021-06-01 13:20 99% ` karl
0 siblings, 0 replies; 1+ results
From: karl @ 2021-06-01 13:20 UTC (permalink / raw
To: gentoo-user
Karl:
> Michael Orilitzky:
Sorry, I mistyped, it should be: Peter Humphrey
> ...
> > * The LetsEncrypt certificates expire after three months, as opposedÂ
> > to 10+ years for a self-signed certificate. You're supposed toÂ
> > automate this... by running a script as root that takes input fromÂ
> > the web? I'd rather not do that.
>
> You can run most part of it as an unpriviliged user, here is my crontab:
> 0 0 1 * * acme /usr/local/sbin/acme_update.sh
> 10 0 1 * * root cat /etc/acme-tiny/domain.key /var/acme-tiny/signed_chain.crt > /etc/lighttpd/server.pem
> 20 0 1 * * root /etc/init.d/lighttpd restart
>
> One could add a check to make sure that the downloaded crt is sensible.
>
> > * LetsEncrypt verifies your identity over plain HTTP (like every otherÂ
> > commercial CA), so it's all security theater in the first place.
> ...
>
> Ack.
Regards,
/Karl Hammar
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2021-05-29 1:08 [gentoo-user] app-misc/ca-certificates zcampe
2021-06-01 5:15 ` William Kenworthy
2021-06-01 10:44 ` Letsencrypt (was Re: [gentoo-user] app-misc/ca-certificates) karl
2021-06-01 11:17 ` J. Roeleveld
2021-06-01 11:40 ` Michael Orlitzky
2021-06-01 13:17 ` karl
2021-06-01 13:20 99% ` karl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox