LetsEncrypt is pretty awesome. Certbot works flawlessly as long as you don't fiddle around changing things on it.
I use Xymon to monitor systems but whatever you're using otherwise, just send an alert if the cert is going to expire in <31 days. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Feb 21, 2020 at 6:43 PM Seth Mattinen <se...@rollernet.us> wrote: > On 2/21/20 12:04 PM, Ken Hohhof wrote: > > I don't have experience with letsencrypt but a webserver software mailing > > list I'm on has constant traffic about problems with certs not > renewing. It > > may be specific to that software, but my gut tells me if this is > something > > mission critical and you don't want to monitor it for problems, just pay > a > > regular cert authority. It's not a trivial amount of money, but not > > Bloomberg money either. I have too many things demanding my time already > > without having to babysit website certs. > > > I've converted 100% of my certs to use Let's Encrypt. As long as your > automated renewals are working you're golden. That's the catch though, > LE certs are only good for 90 days, so you absolutely can't be brain > dead about making sure automated renewals work. I use the default > certbot client but there are many other clients. > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
