We need to know what we are hosting before we can make any determination
here... Last I've heard, the plan was to start with github's hosting
facility and to put either cloudflare or cloudfront in front (since
github doesn't do SSL). If it turns out that we have a fully static
website, I suggest we do s3 + cloudfront (SSL all the way instead). I
have said that I would take care of it and I will, provided the new
website materialises.

There are numerous related quirks that need ironing out; Fred pins the
certificate authority FPI uses to securely fetch plugins and last-resort 
updates... this means that changing the CA we use will take a mandatory
release (which obviously involves some planning).

By the way, we need to plan for the mailserver / mailman too (this is
also reliant on having a valid certificate as currently configured).

Florent

On Tue, 2017-02-21 at 14:26 -0500, Steve Dougherty wrote:
> Sure, I'll discuss this with nextgens.
> 
> 
> 
> 
> 
> 
> -------- Original Message --------
> On Feb 21, 2017, 11:42 AM, Ian wrote:
> 
> 
> 
> Steve, are you in a position to take ownership of this task (renewing
> our cert and migrating to Let's Encrypt)?
> 
> What about using AWS, don't they do free certs now? It seems like
> Florent is keen on migrating everything to AWS (except for what's on
> Github), if so it might be nice to have the cert through AWS too (and
> AWS has good multi-user functionality).
> 
> Ian.
> 
> 
> 
> 
> 
> 
> 
> 
> On Tue, Feb 21, 2017 9:31 AM, Steve Dougherty  st...@asksteved.com
> wrote:
> 
> -------- Original Message --------
> 
> 
> 
> 
> Subject: Re: [freenet-dev] 5 weeks till our SSL certificate expires
> 
> Local Time: February 21, 2017 8:07 AM
> 
> UTC Time: February 21, 2017 1:07 PM
> 
> From: i...@locut.us
> 
> To: Discussion of development issues <devl@freenetproject.org>,
> Florent Daignière <nextg...@freenetproject.org>
> 
> 
> 
> 
> Did we migrate over to AWS for SSL? I'm not at all familiar with how
> this is
> 
> set up - who is? Florent?
> 
> 
> 
> 
> We bought an SSL cert from Alpha SSL and use it with Apache on osprey.
> My inclination would be to move to Let's Encrypt.
> 
> _______________________________________________
> 
> Devl mailing list
> 
> Devl@freenetproject.org
> 
> https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
> _______________________________________________
> Devl mailing list
> Devl@freenetproject.org
> https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl

Reply via email to