    • Pete.S

      Do you add CAA records to your DNS records?
      IT Discussion • lets encrypt dns • • Pete.S

      Votes: 1 • Posts: 6 • Views: 1019

      JaredBusch

      @marcinozga said in Do you add CAA records to your DNS records?:

      Yes, but word of caution. If you get certs from multiple different providers, don't forget to add records for all of them. Otherwise getting certs will fail, and it's almost impossible to troubleshoot.

      Yes, like this.
      caae902b-b24b-46a0-9102-6267aa67770a-image.png

    • Pete.S

      Validation when renewing let's encrypt?
      IT Discussion • lets encrypt certbot certificates • • Pete.S

      Votes: 0 • Posts: 3 • Views: 100

      Pete.S

      @JaredBusch said in Validation when renewing let's encrypt?:

      @Pete-S said in Validation when renewing let's encrypt?:

      When LE certs are renewed are they using the same type of validation again as when they are created?

      (We're using certbot)

      They should, yes.

      OK, thanks.

    • gjacobse

      Unsolved NextCloud SSL Cert
      IT Discussion • nc nextcloud ssl lets encrypt hostmonster • • gjacobse

      Votes: 0 • Posts: 7 • Views: 172

      JaredBusch

      @scottalanmiller said in NextCloud SSL Cert:

      @JaredBusch hard to resist the call of the Natty Light.

      I ran out of Blue Moon.

    • Pete.S

      Is certbot the best way to handle Let's Encrypt certs?
      IT Discussion • lets encrypt certbot • • Pete.S

      Votes: 0 • Posts: 6 • Views: 136

      stacksofplates

      @Pete-S said in Is certbot the best way to handle Let's Encrypt certs?:

      @stacksofplates said in Is certbot the best way to handle Let's Encrypt certs?:

      Lego is another good one from what I've seen. It does all 3 challenge types.

      https://go-acme.github.io/lego/

      Thanks, might have a look at it next time.

      I went with certbot this time because it was very clear what needed to be done. Debian has a package for it; all you need to do is have an HTTP server up and running and then:

      # apt-get install certbot python-certbot-apache
      # certbot --apache

      It will do everything for you - create & install the certificate, set up redirection from http to https, set up a job that updates the cert etc.

      The site has instructions for every common OS (redhat, ubuntu etc) and http daemon (apache, nginx etc) combination.
      https://certbot.eff.org/lets-encrypt/debianbuster-apache

      Yeah certbot is the easiest. Lego is just more flexible and you only need the binary. Def start with the easiest for now.

    • Dashrender

      MeshCentral 2 Config File Issues
      IT Discussion • meshcentral meshcentral 2 lets encrypt dashrender • • Dashrender

      Votes: 0 • Posts: 30 • Views: 696

      Dashrender

      @Ylian
      Any thoughts on why my system is demanding having the "cert": line added?

      I did do a startup based on the install instructions

      node ./node_modules/meshcentral --cert example.servername.com

      Does that put the hostname somewhere other than the config.json?

    • dbeato

      Exchange 2013/2016 Cumulative Updates failing to Apply with Let's Encrypt Cert
      IT Discussion • exchange 2016 lets encrypt cumulative update update updates • • dbeato

      Votes: 3 • Posts: 1 • Views: 359

      No one has replied

    • P

      Ubuntu 19.04 upgraded from 18.10 - Meshcentral not redirecting port 80
      IT Discussion • meshcentral ubuntu 19.04 lets encrypt port 80 • • pmoncho

      Votes: 0 • Posts: 38 • Views: 549

      JaredBusch

      @scottalanmiller said in Ubuntu 19.04 upgraded from 18.10 - Meshcentral not redirecting port 80:

      @pmoncho said in Ubuntu 19.04 upgraded from 18.10 - Meshcentral not redirecting port 80:

      @scottalanmiller said in Ubuntu 19.04 upgraded from 18.10 - Meshcentral not redirecting port 80:

      @pmoncho said in Ubuntu 19.04 upgraded from 18.10 - Meshcentral not redirecting port 80:

      I would need to move it outside of home dir to something like /opt?

      Should, of course. No software ever goes in the /home directory. But need to? No, root can use any directory.

      Will work on this. Thanks

      If you are using NeDB, it is super simple to move the data file. If you are using MongoDB, the database is always still there on the same port.

      Until MongoDB is gone!

    • IRJ

      WordPress website migration
      IT Discussion • wordpress migration lets encrypt • • IRJ

      Votes: 0 • Posts: 20 • Views: 318

      wirestyle22

      @IRJ This would be a heck of a guide if you ever get the time to do it

    • IRJ

      Solved WordPress admin page redirecting to IP
      IT Discussion • wordpress apache lets encrypt • • IRJ

      Votes: 0 • Posts: 4 • Views: 117

      WLS-ITGuy

      @JaredBusch said in WordPress admin page redirecting to IP:

      Is the site URL correct in the settings

      Been there many times :angry_face:

    • WLS-ITGuy

      Let's Encrypt Windows Server
      IT Discussion • lets encrypt windows server 2016 ssl certificates • • WLS-ITGuy

      Votes: 1 • Posts: 20 • Views: 420

      WLS-ITGuy

      @scottalanmiller said in Let's Encrypt Windows Server:

      @WLS-ITGuy said in Let's Encrypt Windows Server:

      @JaredBusch you don't have any issues with agents checking in or pushing out updates with the RP?

      What would be the concern?

      Curious more than anything.

    • JaredBusch

      Solved MeshCentral LE production cert
      IT Discussion • meshcentral meshcentral 2 lets encrypt • • JaredBusch

      Votes: 1 • Posts: 25 • Views: 536

      A

      Anyone? I went through the manuals; everything seems OK but no success. The LetsEncrypt subfolder is not created even if production is false.

      This is my config.json

      {
        "settings": {
          "cert": "MyDomain",
          "wanonly": true,
          "_minify": true,
          "letsencrypt": {
            "email": "MyEmail",
            "names": "MyDomain",
            "rsaKeySize": 3072,
            "production": true
          },
          "webrtc": true,
          "allowhighqualitydesktop": true
        },
        "domains": {
          "": {
            "title": "RDP support"
          }
        }
      }

    • dbeato

      Zimbra Certbot Scripts
      IT Discussion • zimbra certbot lets encrypt • • dbeato

      Votes: 1 • Posts: 15 • Views: 597

      scottalanmiller

      @EddieJennings said in Zimbra Certbot Scripts:

      Since acquiring and renewing a certificate can be automated with Certbot, would it make sense to have the cert in two places? HTTP/HTTPS traffic passes through your Nginx VM, which receives its certificate through its own instance of Certbot. And you have a second instance of certbot that functions on the Zimbra server itself, so you have a cert for IMAP and SMTP connections.

      Or, for you, does it not matter that IMAP and SMTP connections are unencrypted? Since beyond your own mail server, there's no guarantee that encrypted connections will exist.

      You could, but it would still be such a pain to automate as certbot can't renew the certs alone for Zimbra, that you might as well just use one.

    • scottalanmiller

      Anyone Tried MeshCentral with LetsEncrypt?
      IT Discussion • meshcentral lets encrypt • • scottalanmiller

      Votes: 1 • Posts: 12 • Views: 961

      notverypunny

      https://drive.google.com/drive/folders/11AyoZGllxZ5tenyMQ2_b1DDo7c2-Znhc?usp=sharing

    • wirestyle22

      Deprecation of the TLS-SNI challenge
      IT Discussion • certbot lets encrypt • • wirestyle22

      Votes: 1 • Posts: 7 • Views: 458

      JaredBusch

      @wirestyle22 so much to work on....

    • dbeato

      Setup LetsEncrypt Certbot with Cloudflare DNS authentication (Ubuntu)
      IT Discussion • nginx lets encrypt cloudflare certbot dns ubuntu 18.04 • • dbeato

      Votes: 4 • Posts: 6 • Views: 11712

      scottalanmiller

      @aboka said in Setup LetsEncrypt Certbot with Cloudflare DNS authentication (Ubuntu):

      Hi, thanks for sharing this guide. Would like to ask, what port does ppa:certbot use? I'm running nginx and it's already using 80 & 443. I need to find a way to renew the cert when using Cloudflare, as the common way (certbot renew) will not work. Thank you.

      There are certbot options to use the running server (Nginx in this case.) But I agree with Jared, better to use DNS.

    • dbeato

      Exchange 2016 Let's Encrypt Setup
      IT Discussion • lets encrypt microsoft exchange ssl certificates exchange 2016 win-acme • • dbeato

      Votes: 1 • Posts: 28 • Views: 9147

      JaredBusch

      EMC shows it is assigned to all services and the scheduled task is there.

      Calling this a win.

    • scottalanmiller

      Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt
      IT Discussion • ssl ssl certificates lets encrypt iis windows windows server acme ssl wildcard • • scottalanmiller

      Votes: 5 • Posts: 19 • Views: 12343

      scottalanmiller

      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @scottalanmiller said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @phlipelder said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @jaredbusch said in Get Wildcard SSL Certs for IIS on Windows with LetsEncrypt:

      @scottalanmiller my problem with Certs on Windows, in general, is that you almost always have to copy it around to multiple servers to make everything work well, and that just defeats the purpose of LE.

      Based on what is on the site, Microsoft has an intrinsic trust with LE's root store. I should be able to set up an RD Session Host with an LE certificate for publishing and there should be no untrusted publisher for RemoteApps or Session Host desktops once the certificate's thumbprint is published via Group Policy?

      One would hope that they would. LE is like the standard in SSL Certs. It's from the EFF, way more trustworthy than other cert authorities, IMHO.

      Snag: Valid for 90 days. In larger RDS farm settings this would be a bear to manage. That means the need for an automated process.

      It is expected to be automated. SSL Cert updates should not be intrusive. All of the tools for LE SSL Certs are designed around the idea that you will automate them and never need to worry about them again. It's about being less of a snag, not more of one.

      Got it thanks. Looks like a bit of a learning curve then. 🙂

      It's not bad. I find learning the LE pieces easier than learning to do it the old fashioned way 🙂 And with LE it is "learn once and ignore", rather than "learn once, forget, do again in a year or two all over again."

    • JaredBusch

      Looking to migrate Nginx and LetsEncrypt
      IT Discussion • nginx centos fedora lets encrypt • • JaredBusch

      Votes: 3 • Posts: 19 • Views: 990

      JaredBusch

      @stacksofplates said in Looking to migrate Nginx and LetsEncrypt:

      @jaredbusch said in Looking to migrate Nginx and LetsEncrypt:

      @stacksofplates said in Looking to migrate Nginx and LetsEncrypt:

      If you start over with a new system do you still get notifications of old certs expiring? Aren't these handled at the domain level so it knows that a new system has a newer cert? Honestly asking since I haven't run into this yet.

      No. It is handled on the cert serial number level.

      Ah ok.

      I've moved things in the past by simply reissuing on the new server, and dealing with the expiring certs is an annoyance.

    • DustinB3403

      XOCE and Let's Encrypt
      IT Discussion • xen orchestra community certbot lets encrypt ssl https • • DustinB3403

      Votes: 0 • Posts: 10 • Views: 1475

      DustinB3403

      And this person has a full guide https://xcp-ng.org/forum/topic/3775/xen-orchestra-from-source-with-let-s-encrypt-certificates

    • StuartJordan

      Remote Desktop Services & Lets Encrypt
      IT Discussion • rds lets encrypt • • StuartJordan

      Votes: 2 • Posts: 4 • Views: 2161

      dafyre

      @jaredbusch said in Remote Desktop Services & Lets Encrypt:

      @stuartjordan said in Remote Desktop Services & Lets Encrypt:

      There is also one for Exchange as well:
      https://mediarealm.com.au/articles/lets-encrypt-microsoft-exchange-installation/

      Man, I just do not think I can trust all the pieces involved here to properly work together in an automated fashion.

      Exchange is generally fine. LE is generally fine. The scripts are generally fine.

      But any single issue with one will blow crap up.

      I think it'd still be worth a look. It could work out to be a nice time saver to set it up once and not have to worry about it.