Thanks Lonnie

Yes I should have created them as separate certs. Thanks for this.
I understand your point and yes I agree, however I am extremely time poor and this has bought me some of it.

Regards
Michael Knill

On 6/10/19, 11:14 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

Hi Michael,

> Is this all I need to do?

The acme.sh deploy script is here:

https://github.com/astlinux-project/astlinux/blob/master/package/acme/deploy/astlinux.sh#L42

For lighttpd, the values of HTTPSCERT and HTTPSCHAIN can be determined by running this one-line script on your system:
--
( . /etc/rc.conf ; echo "HTTPSCERT=$HTTPSCERT" ; echo "HTTPSCHAIN=$HTTPSCHAIN" )
--

Quite a few services can use ACME certificates, as seen in the astlinux.sh deploy script.

Michael, acme.sh has been fixed upstream and we now include that fix in the AstLinux Github repo and pre-release images. This situation will not be the last time where an included package needs an immediate update ... it does not happen often, but it does and will happen again.

Lonnie

> On Oct 6, 2019, at 1:59 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Group
>
> I'm bringing up this thread again in light of the hassle with ACME Cert generation in the current stable release.
> I thought I would try out a cheap Comodo Wildcard SSL Cert as I get 30 days money back guarantee.
>
> It appears to now be working fine with a direct replacement of webinterface.pem & https_ca_chain.pem and a Lighttpd restart.
> Is this all I need to do?
>
> Other than an update in a year, which looks pretty easy to do, does anyone see any issues with this?
> I may even decide to go back to ACME then if things are running ok.
>
> Regards
> Michael Knill
>
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Thursday, 11 April 2019 at 12:34 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] ACME (Let's Encrypt) Certificates Vs Wildcard SSL certificates
>
> Hi Michael,
>
>> but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle.
>> Am I correct?
>
> IMO, using automatic ACME certs in AstLinux is the least-hassle approach ... after the initial setup.
>
> The hassle with a 1-2 year Wildcard SSL cert (other than the cost) is it needs to be deployed and updated to all the boxes, even if only every 1-2 years. You would need to create some sort of CRON script to do that, and probably with authentication.
>
> If you go through the trouble of creating a Wildcard SSL cert deploy/update system, you just as well mint your own Let's Encrypt Wildcard Certs at a central location, at no cost every two months.
>
> You need to weigh the pros/cons for your situation, I use Cloudflare for my ACME DNS validation, and after many renewals for many boxes using non-wildcard certs, it just works.
>
> Lonnie
>
>> On Apr 10, 2019, at 5:34 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>>
>> Hi Group
>>
>> As I am looking to encourage the use of web portals that we have built into Astlinux, I am having to consider the use of non self signed certificates to stop the browser complaining.
>> The web interface for all our systems is accessible with <customer id>.ibcaccess.net.
>> Forgive me for my ignorance but I'm not that good with SSL certificates but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle.
>> Am I correct?
>>
>> Regards
>> Michael Knill
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
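
Added example, not part of the original thread and not AstLinux code: a check to run after manually replacing webinterface.pem and https_ca_chain.pem and before restarting lighttpd, using the HTTPSCERT and HTTPSCHAIN values from the one-line script above. It assumes the HTTPSCERT file holds the private key together with the certificate and the HTTPSCHAIN file holds the issuing CA certificate(s); check_https_cert and its return codes are hypothetical names.

```shell
#!/bin/sh
# Added example (not AstLinux code). Assumes CERT_PEM holds the private key and
# the server certificate in one PEM file, and CHAIN_PEM the issuing CA cert(s).
# check_https_cert and its return codes are hypothetical names.
#
# Usage: ( . /etc/rc.conf ; check_https_cert "$HTTPSCERT" "$HTTPSCHAIN" 30 )
# Returns: 0 ok, 2 unreadable/unparseable file, 3 key does not match cert,
#          4 expires within MIN_DAYS, 5 chain file does not verify the cert.
check_https_cert() {
  cert=$1 chain=$2 min_days=${3:-30}

  for f in "$cert" "$chain"; do
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
  done

  # Public key inside the certificate vs. public key derived from the private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "no certificate found in $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$cert" -pubout 2>/dev/null) ||
    { echo "no private key found in $cert" >&2; return 2; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not match certificate" >&2; return 3; }

  # -checkend exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $(( $min_days * 86400 )) >/dev/null ||
    { echo "certificate expires within $min_days days" >&2; return 4; }

  # Consistency check, not a trust decision: the chain file is used as the
  # anchor to confirm it contains the issuer that signed this certificate.
  openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
    { echo "chain file does not verify the certificate" >&2; return 5; }

  echo "ok: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}
```

A non-zero return means the old files should be put back before lighttpd is restarted; the chain step only confirms the two files belong together, while browser trust still depends on the CA itself.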