[Cryptography] letsencrypt.org
Robin Wood
robin at digi.ninja
Thu Sep 14 09:30:28 EDT 2017
On Wed, 13 Sep 2017 at 23:08 Jason Cooper <cryptography at lakedaemon.net>
wrote:
> Hi Bayuk,
>
> On Wed, Sep 13, 2017 at 02:18:40PM -0400, Bayuk wrote:
> > Has anyone on this list contributed to https://letsencrypt.org/ -
> and/or
> > otherwise have personal experience, caveats, recommendations with
> respect to
> > the current service or roadmap?
>
> It's extremely useful, with the caveat that certificates are only valid
> for 90 days (by design), and require admin privileges to install.
>
> To maximize it's usefulness, it's worth the time investment to set up a
> cron job to automatically renew the certs. Note that this must run as
> root (admin).
>
Mine doesn't, it does everything as a low privilege user and then has sudo
privileges to restart apache.
Robin
>
> The good folks over in BSD-land created a nice, privilege-separated tool
> for this task, acme-client [1]. I've been using for quite a while
> (before it was renamed from letskencrypt), and been really happy.
>
> Good luck,
>
> Jason.
>
> [1] https://kristaps.bsd.lv/acme-client/
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170914/1a9b90dc/attachment.html>
More information about the cryptography
mailing list