Re: OT: SSL certificates

[Gabor Szabo]

On Tue, Mar 8, 2016 at 9:47 PM, shimi  wrote:

> On Tue, Mar 8, 2016 at 9:33 PM, Gabor Szabo  wrote:
>
>> I am trying letsencrypt.org . 
>> I just cloned their repo and started to follow their instructions, but
>> then they say "nginx support is experimental, buggy, and not installed by
>> default" and I am using nginx for most of my servers. I guess their nginx
>> support will come soon and I can wait a bit though I wonder, have any of
>> you used it on nginx?
>>
>>
> When they say 'nginx support' they mean 'automatically configuring nginx
> for you'. There are plenty other ways (including manual, with other clients
> that doesn't force you to provide them with root access to your machine) to
> just issue the cert from a CSR, and install the cert normally on any web
> server you want. See for example
> https://tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html and
> https://github.com/diafygi/letsencrypt-nosudo
>


Very useful links. Thanks

Gabor
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[shimi]

On Tue, Mar 8, 2016 at 9:33 PM, Gabor Szabo  wrote:

> I am trying letsencrypt.org . 
> I just cloned their repo and started to follow their instructions, but
> then they say "nginx support is experimental, buggy, and not installed by
> default" and I am using nginx for most of my servers. I guess their nginx
> support will come soon and I can wait a bit though I wonder, have any of
> you used it on nginx?
>
>
When they say 'nginx support' they mean 'automatically configuring nginx
for you'. There are plenty other ways (including manual, with other clients
that doesn't force you to provide them with root access to your machine) to
just issue the cert from a CSR, and install the cert normally on any web
server you want. See for example
https://tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html and
https://github.com/diafygi/letsencrypt-nosudo

HTH,

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Gabor Szabo]

I am trying letsencrypt.org . 
I just cloned their repo and started to follow their instructions, but then
they say "nginx support is experimental, buggy, and not installed by
default" and I am using nginx for most of my servers. I guess their nginx
support will come soon and I can wait a bit though I wonder, have any of
you used it on nginx?

regards
  Gabor




On Tue, Mar 8, 2016 at 8:27 AM, Michael Tewner  wrote:

> As far as I know, letsencrypt.org certs are only good for 90 days, and
> you'll want to have a script automatically renew and replace the cert in
> the background all the time.
> I like https://www.namecheap.com , as it helps you find the cheapest
> between different CA's.
> CACert is worthy of this community's support, but as you mentioned, their
> certs aren't included in any browsers or OS's.
>
>
>
> On Tue, Mar 8, 2016 at 7:24 AM, Baruch Siach  wrote:
>
>> Hi Gabor,
>>
>> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
>> > A found plenty of companies offering SSL certificates. One of them
>> > https://www.ssl.com/
>> > that was recommended by the domain registrar I am using had
>> > $177 / year for the first 3 hostname and then $49 / year for each
>> > additional hostname and $129/year for each wildcard domain.
>> >
>> > Is that a reasonable price? Any suggestions?
>>
>> How about https://letsencrypt.org/ free certs?
>>
>> baruch
>>
>> --
>>  http://baruch.siach.name/blog/  ~. .~   Tk Open
>> Systems
>>
>> =}ooO--U--Ooo{=
>>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Efraim Flashner]

I use wosign for my free certs. They're good for up to 3 years, free is good, 
and afaik they're in all the browsers. The website is in chinese though, so 
that can make it a bit challenging.

On Tue, 8 Mar 2016 07:05:03 +0200
Gabor Szabo  wrote:

> Hi there,
> 
> I think it's time to move some of my sites to use https, but as I only had
> self-signed ssl so far I wonder if you ppl have any recommendation where to
> get the certificate from and how much
> should I expect to pay?
> 
> I have one domain with about 20 subdomains (the translated versions of my
> articles)
> and a few other domains with 1-2, sometimes even more subdomains.
> 
> Most of them are probably considered commercial as they have ads on it and
> on some of them I even have a few subscribers, but they are, unfortunately,
> not a big business. Nevertheless I think this might exclude some "open
> source" providers.
> 
> I looked at http://www.cacert.org/ but as I can see the certificate they
> use on their own site is not recognized by either Chrome or Firefox. That
> does not seem to be a good thing. (See https://www.cacert.org/ )
> 
> A found plenty of companies offering SSL certificates. One of them
> https://www.ssl.com/
> that was recommended by the domain registrar I am using had
> $177 / year for the first 3 hostname and then $49 / year for each
> additional hostname and $129/year for each wildcard domain.
> 
> Is that a reasonable price? Any suggestions?
> 
> regards
>Gabor



-- 
Efraim Flashner      אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


pgpSwWEF804ce.pgp
Description: OpenPGP digital signature
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Michael Tewner]

As far as I know, letsencrypt.org certs are only good for 90 days, and
you'll want to have a script automatically renew and replace the cert in
the background all the time.
I like https://www.namecheap.com , as it helps you find the cheapest
between different CA's.
CACert is worthy of this community's support, but as you mentioned, their
certs aren't included in any browsers or OS's.



On Tue, Mar 8, 2016 at 7:24 AM, Baruch Siach  wrote:

> Hi Gabor,
>
> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
> > A found plenty of companies offering SSL certificates. One of them
> > https://www.ssl.com/
> > that was recommended by the domain registrar I am using had
> > $177 / year for the first 3 hostname and then $49 / year for each
> > additional hostname and $129/year for each wildcard domain.
> >
> > Is that a reasonable price? Any suggestions?
>
> How about https://letsencrypt.org/ free certs?
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Amos Shapira]

I too would recommend letsenctlrypt. The only down side is possibly that
you have to keep renewing (automatically with a cron job) every three
months.
Alternatively, www.ssls.com lists very very cheap certs.
On 8 Mar 2016 4:49 p.m., "Baruch Siach"  wrote:

> Hi Gabor,
>
> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
> > A found plenty of companies offering SSL certificates. One of them
> > https://www.ssl.com/
> > that was recommended by the domain registrar I am using had
> > $177 / year for the first 3 hostname and then $49 / year for each
> > additional hostname and $129/year for each wildcard domain.
> >
> > Is that a reasonable price? Any suggestions?
>
> How about https://letsencrypt.org/ free certs?
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Baruch Siach]

Hi Gabor,

On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
> A found plenty of companies offering SSL certificates. One of them
> https://www.ssl.com/
> that was recommended by the domain registrar I am using had
> $177 / year for the first 3 hostname and then $49 / year for each
> additional hostname and $129/year for each wildcard domain.
> 
> Is that a reasonable price? Any suggestions?

How about https://letsencrypt.org/ free certs?

baruch

-- 
 http://baruch.siach.name/blog/  ~. .~   Tk Open Systems
=}ooO--U--Ooo{=
   - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

OT: SSL certificates

[Gabor Szabo]

Hi there,

I think it's time to move some of my sites to use https, but as I only had
self-signed ssl so far I wonder if you ppl have any recommendation where to
get the certificate from and how much
should I expect to pay?

I have one domain with about 20 subdomains (the translated versions of my
articles)
and a few other domains with 1-2, sometimes even more subdomains.

Most of them are probably considered commercial as they have ads on it and
on some of them I even have a few subscribers, but they are, unfortunately,
not a big business. Nevertheless I think this might exclude some "open
source" providers.

I looked at http://www.cacert.org/ but as I can see the certificate they
use on their own site is not recognized by either Chrome or Firefox. That
does not seem to be a good thing. (See https://www.cacert.org/ )

A found plenty of companies offering SSL certificates. One of them
https://www.ssl.com/
that was recommended by the domain registrar I am using had
$177 / year for the first 3 hostname and then $49 / year for each
additional hostname and $129/year for each wildcard domain.

Is that a reasonable price? Any suggestions?

regards
   Gabor
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il