On 2017-04-26, Predrag Punosevac wrote:
> Adam Thompson wrote:
>
>> I stand by my statement that just buying a cheap SSL cert will, for
>> anything other than the simple case of an online, directly-connected,
>> webserver, be cheaper than the labour required to obtain a
> acme.sh does not require root/sudoer access. For sure I run it as an
> unprivileged user and hope you do as well!
The concept of privsep isn't about running as an unprivileged user.
It is so much more.
The problem is that unprivileged users still have the full system call
interface
On 4/26/17 12:41 PM, Theo de Raadt wrote:
I haven't seen anyone mention acme.sh yet--a shell script for
letsencrypt with no external dependencies.
https://github.com/Neilpang/acme.sh
No external dependencies, and no security foundations.
No privsep, no clear seperation.
Using pretty much
> I haven't seen anyone mention acme.sh yet--a shell script for
> letsencrypt with no external dependencies.
>
> https://github.com/Neilpang/acme.sh
No external dependencies, and no security foundations.
No privsep, no clear seperation.
Using pretty much every unsafe pattern tied to security
On 4/26/17 11:02 AM, Stuart Henderson wrote:
On 2017-04-25, Adam Thompson wrote:
On 2017-04-25 05:27, Stuart Henderson wrote:
* If you want to do dns-01 challenge with acme-client, you'll need to
use Kristaps' version for now, base acme-client only supports the
On 2017-04-26, Marcus MERIGHI wrote:
> To keep him going I suggest:
>
> http://spacehopper.org/wishlist
>
> "Exploding the phone" is taken.
> ("Estimated delivery: 23 May 2017 - 16 Jun. 2017")
>
> We all benefit :-)
Thanks! I haven't updated that list recently so it's a
On 2017-04-25, Adam Thompson wrote:
> On 2017-04-25 05:27, Stuart Henderson wrote:
>
>> Firstly, with dns-01 challenge you can get a certificate for a server
>> which doesn't allow external access at all (the request and challenge
>> can be done with completely separate
April 2017 um 06:16 Uhr
> Von:??"Predrag Punosevac" <punoseva...@gmail.com>
> An:??misc@openbsd.org
> Betreff:??Re: acme-client(1) and http_proxy
> [ ... ]
> > Best,
> > Predrag
> >
> > P.S. In all my years on this mailing list I have seen not
Gesendet: Mittwoch, 26. April 2017 um 06:16 Uhr
Von: "Predrag Punosevac" <punoseva...@gmail.com>
An: misc@openbsd.org
Betreff: Re: acme-client(1) and http_proxy
[ ... ]
> Best,
> Predrag
>
> P.S. In all my years on this mailing list I have seen nothing but th
Adam Thompson wrote:
> I stand by my statement that just buying a cheap SSL cert will, for
> anything other than the simple case of an online, directly-connected,
> webserver, be cheaper than the labour required to obtain a LetsEncrypt
> certificate.
A cheap certificate like the one you can
On 2017-04-25 05:27, Stuart Henderson wrote:
On 2017-04-25, Adam Thompson wrote:
By definition, you will (probably) not be able to use the ACME
protocol - it only works (normally) when your system is connected
directly to the public internet with a static IP address.
On 2017-04-25, Adam Thompson wrote:
> By definition, you will (probably) not be able to use the ACME
> protocol - it only works (normally) when your system is connected
> directly to the public internet with a static IP address.
>
> Simply because you say "behind a
On 2017-04-21, Manuel Giraud wrote:
> Hi,
>
> I'm trying to use the new acme-client on a server behind a corporate
> proxy (i.e. I have to set a http_proxy to get out). It seems (from
> reading the code) that acme-client(1) does not honor http_proxy.
>
> Is this on purpose?
By definition, you will (probably) not be able to use the ACME protocol - it
only works (normally) when your system is connected directly to the public
internet with a static IP address.
Simply because you say "behind a corporate firewall", I already know (or at
least assume) that ACME will
14 matches
Mail list logo