SSL Certificates
-
@aaronstuder said in SSL Certificates:
@BRRABill said in SSL Certificates:
@aaronstuder said
My hope is that Let's Encrypt is going to force paid for SSL certs to be more reasonable.
Maybe I'm lucky, but I'm not sure how much cheaper it can get that $5.
I mean, a beer costs more than that, and I drink a lot of beer.
Right, but I would love a $20 a year wildcard cert
Other than loss of something there's no reason that wildcard certs need to cost any more than a single entry quote. The whole thing was just a way to make money!
-
@JaredBusch How do you do that?
-
@aaronstuder said in SSL Certificates:
@JaredBusch How do you do that?
On the proxy of course. NodeBB is not exposed directly. NodeBB runs on a non-standard port that the proxy just redirects to.
-
@JaredBusch No, I get that part. How do you get a cert with sub-domains?
-
@aaronstuder said in SSL Certificates:
@JaredBusch No, I get that part. How do you get a cert with sub-domains?
They're called wildcard certs, and the same place you'd buy a normal cert.
-
@travisdh1 said in SSL Certificates:
@aaronstuder said in SSL Certificates:
@JaredBusch No, I get that part. How do you get a cert with sub-domains?
They're called wildcard certs, and the same place you'd buy a normal cert.
Your missing the point. He has a Let's Encrypt Wildcard Cert. - They don't offer wildcard certs....
-
@aaronstuder
This, maybe?
Can I get a certificate for multiple domain names (SAN certificates)?
Yes, the same certificate can apply to several different names using the Subject Alternative Name (SAN) mechanism. The Let's Encrypt client automatically requests certificates for multiple names when requested to do so. The resulting certificates will be accepted by browsers for any of the domain names listed in them. -
@BRRABill said in SSL Certificates:
@aaronstuder
This, maybe?
Can I get a certificate for multiple domain names (SAN certificates)?
Yes, the same certificate can apply to several different names using the Subject Alternative Name (SAN) mechanism. The Let's Encrypt client automatically requests certificates for multiple names when requested to do so. The resulting certificates will be accepted by browsers for any of the domain names listed in them.The Let's Encrypt client software will get you certs for every domain being served tho. No need for a wildcard when you can
letsencrypt-auto
And get certs for every valid domain being served on the server?
-
@travisdh1 right. No where did I say it was a wildcard.
-
A SAN cert is not a WildCard cert.
-
Side note, I need to run the renew script. I never got the warning email
-
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
-
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that. -
@BRRABill said in SSL Certificates:
I've seen a lot of discussion here recently about SSL certificates.
I will admit to being a little under educated in this arena.
I currently use GoDaddy to get an SSL certificate for my internal mail server, mainly just so users don't get the warnings.
Are there free certificates available that would accomplish this purpose? Or a better way of doing this?
Then why are you paying so much to Godaddy for basic ssl certificate? Because this type of single domain validation ssl certificate (standard ssl) available at very affordable price. Checkout https://www.cheapsslcouponcode.com/coupons/standard-domain-ssl this coupon code site.
-
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
-
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
Right, but i have always had CloudFlare running in front of my stuff. I have to turn that off before I can run the scripts.
-
@JaredBusch said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
Right, but i have always had CloudFlare running in front of my stuff. I have to turn that off before I can run the scripts.
Does CloudFlare run like other system services? If you can run a command and have it turned on/off, then you can just add it to the script.... yeah, I actually created a script to put in a cron job rather than try to have it all on a one-liner in cron.
-
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
Right, but i have always had CloudFlare running in front of my stuff. I have to turn that off before I can run the scripts.
Does CloudFlare run like other system services? If you can run a command and have it turned on/off, then you can just add it to the script.... yeah, I actually created a script to put in a cron job rather than try to have it all on a one-liner in cron.
It is an external service, so you would need access to an API to do that.
-
@scottalanmiller said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
Right, but i have always had CloudFlare running in front of my stuff. I have to turn that off before I can run the scripts.
Does CloudFlare run like other system services? If you can run a command and have it turned on/off, then you can just add it to the script.... yeah, I actually created a script to put in a cron job rather than try to have it all on a one-liner in cron.
It is an external service, so you would need access to an API to do that.
Well.... that's a little more difficult then
-
@travisdh1 said in SSL Certificates:
@scottalanmiller said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@travisdh1 said in SSL Certificates:
@JaredBusch said in SSL Certificates:
@Dashrender said in SSL Certificates:
@JaredBusch said in SSL Certificates:
Side note, I need to run the renew script. I never got the warning email
That sucks. The renewal period is so short though, setting up a cron job to do it before expiration seems only sensible.
I have not setup a job yet because things keep changing with the process.
but now that it is out of beta officially, I should probably look at doing that.People have already published scripts for it. I've got a monthly one that I'm still waiting for the first run, so I don't know how well it works yet.
Right, but i have always had CloudFlare running in front of my stuff. I have to turn that off before I can run the scripts.
Does CloudFlare run like other system services? If you can run a command and have it turned on/off, then you can just add it to the script.... yeah, I actually created a script to put in a cron job rather than try to have it all on a one-liner in cron.
It is an external service, so you would need access to an API to do that.
Well.... that's a little more difficult then
Just a bit. You CAN turn it off easily by hand, run the script and turn it back on again.