On Mon, Feb 29, 2016 at 12:05:47AM +0000, Lucius Rizzo wrote: > You have a few options. All involve the use of openssl to generate key or csr > > See https://www.madboa.com/geek/openssl/ > > 1. Create a self signed cert and point Postfix to use ssl key and pem which > was self generated > 2. Use letsencrypt (HIGHLY recommended). IMHO, the introduction of > letsencrypt will kill the basic ssl cert signed market. > 3. Get a signed cert from namecheap. (You can alway buy a throwaway domain > and add positivessl cert for a year for US $1.99
I am currently using free certificates from StartSSL. I looked at letsencrypt, but I couldn't make any sense of it - can somebody explain (from an admin point of view) how that is supposed to work? Of course I will NOT install arbitrary 3rd party server side software (where my server OS isn't even officially supported) to handle important things like certificate renewals when it is a very simple task to do just once a year. Given all the hype about it, I am sure I must be missing something. What is it? Martin
