Conversation
Notices
-
I have to say that Let's Encrypt is mighty convenient. It is somewhat alarming to let a very very very complicated and intricate piece of scripting run with root privileges, but it does do the job it's designed for, and does it good, as far as I can tell. !crypto !security
- abjectio, kat, ニコラス and Robert Kosten like this.
- Markus Kilås repeated this.
-
@pettter You don't need root privileges, at least not if you set it up yourself! (and if you'd for some privilige-related reason need root, you can always run everything as unpriviliged and then have a suid script that just runs 'cp' on two files :P)
-
No that's true, but it's mighty convenient to let the script handle everything including httpd.conf :)
-
@pettter Yes, but it needs a lot review as it runs as root ... :-/ That is currently for me the reason to switch to #letsencrypt. Currently I stay with some self-signed certificates and #CACert.
Oh, btw: My login to #StartSSL is no longer working (client certificate based). How can I fix this? Delete the local certificate and retry again?
-
@roland Well, there are a bunch of alternate clients popping up already. The basic ACME protocol and server infrastructure is sound, afaict, and the main problem with the (size of the) script is probably that it tries to do too many things automatically (reading and rewriting conf files, detecting webroots, vhosts and so on).
-
@pettter Argh, maybe a #bug in #Friendica. Only when I follow you, I can see your replies even when you send them me directly. :-(