On 13.05.2021 13:05, Andreas Fink wrote:

(yes people, Let's Encrypt is not the only game... if you do ACME for
your systems, also set up ZeroSSL and issue certs from both places at
the same time, just in case LE ever has an issue, though that will be
resolved rather quickly with 72% market share (https://ct.cloudflare.com)
Cloudflare's jurisdiction is definitively a red flag for me.

Cloudflare is a good idea, but the service is a direct drill into the security, as they are a man in the middle, decrypting SSL in their network and encrypting again at the exit point.

All those CAs are even a security risk, doesn't matter how big the promises are ;)

Back to your ACME problem: what I have done is set up nginx and let Let's Encrypt do the job, and then used the files; a simple copy job copies them over.

If it comes just to webmail and SSL, use an nginx as proxy doing the job: encrypted from the client to the frontend (nginx), then plain to the backend.

Just my 5 cents ... Roger




_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
