On Sat, 19 Aug 2017 21:39:18 -0400 KT Walrus <ke...@my.walr.us> wrote:
> > On Aug 18, 2017, at 4:05 AM, Stephan von Krawczynski <sk...@ithnet.com>
> > wrote:
> >
> > On Fri, 18 Aug 2017 00:24:39 -0700 (PDT)
> > Joseph Tam <jtam.h...@gmail.com> wrote:
> >
> >> Michael Felt <mich...@felt.demon.nl> writes:
> >>
> >>>> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is
> >>>> written in pure shell script, so no python dependencies.
> >>>> https://github.com/Neilpang/acme.sh
> >>>
> >>> Thanks - I might look at that, but as Ralph mentions in his reply -
> >>> Let's encrypt certs are only for three months - never ending circus.
> >>
> >> I wouldn't characterize it as a circus. Once you bootstrap your first
> >> certificate and install the cert-renew cron script, it's not something
> >> you have to pay a lot of attention to. I have a few LE certs in use,
> >> and I don't think about it anymore: it just works.
> >>
> >> The shorter cert lifetime also helps limit damage if your certificate
> >> gets compromised.
> >>
> >> Joseph Tam <jtam.h...@gmail.com>
> >
> > Obviously you do not use clustered environments with more than one node per
> > service.
> > Else you would not call it "it just works", because in fact the renewal is
> > quite big bs as one node must do the job while all the others must be
> > _offline_.
> >
> > --
> > Regards,
> > Stephan
>
> I use DNS verification for LE certs. Much better since generating certs only
> depends on access to DNS and not your HTTP servers. Cert generation is
> automatic (on a cron job that runs every night looking for certs that are
> within 30 days of expiration). Once set up, it is pretty much automatic. I
> do use Docker to deploy all services for my website which also makes things
> pretty easy to manage.
>
> Kevin
>

DNS verification sounds nice only on first glimpse. If you have a lot of
domains and ought to reload your DNS for every verification of every single
domain that does not look like a method with a small footprint or particularly
elegant.

--
Regards,
Stephan
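
What DNS verification has to publish for each name, as an added example that is not part of the original thread and is not acme.sh's code: it follows the DNS-01 rules of RFC 8555 and the JWK thumbprint of RFC 7638. The account key, tokens and domain names are constructed sample values, and `plan_updates` is a hypothetical helper that groups the records so a zone is updated once per batch.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME and JOSE use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# Required JWK members per key type (RFC 7638); every other member is ignored.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def canonical_jwk(jwk: dict) -> str:
    """JSON holding only the required members, keys sorted, no whitespace."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    return json.dumps(members, sort_keys=True, separators=(",", ":"))

def jwk_thumbprint(jwk: dict) -> str:
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())

def record_name(domain: str) -> str:
    """A wildcard and its base name are validated at the same record name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower() + "."

def txt_value(token: str, jwk: dict) -> str:
    """TXT value = base64url(SHA-256(token + '.' + account key thumbprint))."""
    key_authorization = token + "." + jwk_thumbprint(jwk)
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

def plan_updates(challenges: dict, jwk: dict) -> dict:
    """Map record name -> list of TXT values (hypothetical batching helper)."""
    plan = {}
    for domain, token in challenges.items():
        plan.setdefault(record_name(domain), []).append(txt_value(token, jwk))
    return plan

# Constructed sample data: not a real account key and not real CA tokens.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "c2FtcGxlLXg", "y": "c2FtcGxlLXk", "kid": "demo"}
CHALLENGES = {"example.com": "tok-A", "*.example.com": "tok-B",
              "mail.example.org": "tok-C"}

if __name__ == "__main__":
    for name, values in plan_updates(CHALLENGES, ACCOUNT_JWK).items():
        for value in values:
            print(f'{name} 300 IN TXT "{value}"')
```

Each token is issued fresh by the CA per authorization, so the records change on every renewal; only the account key thumbprint stays constant.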