Followup, One disadvantage of generating local ACME certificates (using DNS validation) is your DNS provider's credentials are needed on each AstLinux box.
Lonnie > On Apr 10, 2019, at 9:30 AM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > wrote: > > Hi Michael, > >> but the way I see it is that we could just purchase a Wildcard SSL >> certificate instead of using ACME which seems a bit of a hassle. >> Am I correct? > > > IMO, using automatic ACME certs in AstLinux is the least-hassle approach ... > after the initial setup. > > The hassle with a 1-2 year Wildcard SSL cert (other than the cost) is it > needs to be deployed and updated to all the boxes, even if only every 1-2 > years. You would need to create some sort of CRON script to do that, and > probably with authentication. > > If you go through the trouble of creating a Wildcard SSL cert deploy/update > system, you just as well mint your own Let's Encrypt Wildcard Certs at a > central location, at no cost every two months. > > You need to weigh the pros/cons for your situation, I use Cloudflare for my > ACME DNS validation, and after many renewals for many boxes using > non-wildcard certs, it just works. > > Lonnie > > > > >> On Apr 10, 2019, at 5:34 AM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Hi Group >> >> As I am looking to encourage the use of web portals that we have built into >> Astlinux, I am having to consider the use of non self signed certificates to >> stop the browser complaining. >> The web interface for all our systems is accessible with <customer >> id>.ibcaccess.net. >> Forgive me for my ignorance but I'm not that good with SSL certificates but >> the way I see it is that we could just purchase a Wildcard SSL certificate >> instead of using ACME which seems a bit of a hassle. >> Am I correct? >> >> Regards >> Michael Knill >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
