[H-GEN] LetsEncrypt - anybody using them yet? Reservations?

Greg Black gjb at yaxom.com
Wed Dec 16 17:25:30 EST 2015 

I've been using it for several weeks. It took some work to set it up free
of errors with lighttpd, but once I sorted that there was only one real
problem. They said yesterday that the fix for that bug which I had reported
had now been pushed into the repo. I haven't had time yet to check, but I
expect that it will be fixed.

So I plan to just use it for everything now. One thing that is worth doing
is to check your domain with the Qualsys SSL Server Test
<https://www.ssllabs.com/ssltest/> and fix anything that it shows up.

On 16 December 2015 at 21:08, Timothy White <timwhite88 at gmail.com> wrote:

> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
>
> I was playing with it during the closed beta.
> Now that it's public beta and I don't need whitelisted domains, I'm
> playing with it even more.
>
> I found
> https://johnmaguire.me/2015/12/configuring-nginx-lets-encrypt-automatic-renewal/
> really helped me get it working with Nginx, given that the automatic plugin
> for Nginx is disabled due to issues.
>
> Reasons to not use? If you need an EV cert for something? Reasons to use,
> we can encrypt everything! :D
>
> I'm happy, even if some have expressed dislike at the 90 day certificate
> lifetime. One project even rejected LE as an included CA because they feel
> the 90 day bit is LE trying to enforce policy that shouldn't be up to the
> CA to enforce. I've read lots of opinions about the 90 day lifetime, and I
> think they have good reasons to start with 90 days, and they'll evaluate
> extending it in the future. 90 days hasn't been an issue for me now I've
> got auto renewal working.
>
> Tim
>
> On Tue, Dec 15, 2015 at 4:10 PM, Daniel Devine <devine at ddevnet.net> wrote:
>
>> [ Humbug *General* list - semi-serious discussions about Humbug and     ]
>> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>>
>> I've been keeping an eye on the Let's Ecnrypt (https://letsencrypt.org/)
>> CA. It does things quite differently to CACert however I think it's really
>> what everybody has been needing for many years now. It's now in public beta
>> so you can go try it now.
>>
>> Does anybody have good reasons why I/we shouldn't start using Let's
>> Encrypt besides unresolved bugs in the client software?
>>
>> I look forward to moving off StartSSL.
>>
>> --
>> Daniel Devine
>> _______________________________________________
>> General mailing list
>> General at lists.humbug.org.au
>> http://lists.humbug.org.au/mailman/listinfo/general
>>
>
>
> _______________________________________________
> General mailing list
> General at lists.humbug.org.au
> http://lists.humbug.org.au/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20151217/c9be9472/attachment.html>

More information about the General mailing list