home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.misc      General topics about computers not cover      21,759 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 20,389 of 21,759   
   Eli the Bearded to theom+news@chiark.greenend.org.uk   
   Re: 6-day TLS certificates from Let's En   
   15 Dec 24 03:11:40   
   
   From: *@eli.users.panix.com   
      
   In comp.misc, Theo   wrote:   
   > It sounds quite handy to me.  One of the problems with Let's Encrypt is that   
   > you set up your server, you get a LE certificate, you set up a cron job for   
   > renewal.  And then 90 days later you find out that your cron job didn't work   
   > for $reasons and the cert expired.  Making this timeout 6 days means that   
   > you find this bug much quicker - if it's still working after a couple of   
   > weeks then things are good.   
      
   When I have problems, I get mail from Let's Encrypt saying things like   
   "your cert is expiring in two weeks, did you know that?". That's why you   
   give them an email address during setup.   
      
   In my case, it's usually not because there is an issue with cron, but   
   because I have N names in one cert and I deleted the DNS record for one   
   of those and didn't update the LE config. They, quite rightly, don't   
   like to give out certs for names that don't resolve.   
      
   Elijah   
   ------   
   sometimes uses wildcard certs   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca