[Cialug] SSL Certs

Daniel A. Ramaley daniel.ramaley at drake.edu
Mon Apr 9 14:17:53 UTC 2018


For what it is worth, i can second the suggestion to use Let's Encrypt.
I've been using them for awhile. The really short expiration and renewal
cycle was a bit disconcerting at first, just because it is not what i
was used to. But the automated renewal works perfectly.

I run the renewal script daily and have it send me an e-mail; most days
it tells me it is not time to renew yet, but once per month it tells me
it renewed my certificate, installed the new one, and restarted the
relevant daemons. It even includes output from the daemon restart
scripts so i know they were successful. It's all pretty slick.

On 2018-04-09 09:11, Dave Hala wrote:
> I will probably end up with just a regular wildcard, as I have more than a
> couple of subdomains.
> 
> I'm going to look into certbot. If I can trust it, then I would go with
> letsencrypt and let it "auto-majically" install a new cert every three
> months.

__
Daniel Ramaley | Server Engineer 2
Information Technology Services | Drake University
T: +1-515-271-4540
W: http://www.drake.edu/its


More information about the Cialug mailing list