Oh forgot letsencrypt also does not like when you ask about their ip ranges and 
when you redirect dns of the amazon cloud to different zone files. So basically 
when you use letsencrypt, you automatically have to open up your webserver 
(unless you alter your environment on renewals) to amazon abuse. 
I told these guys from zerossl about this and they should use a dedicated range 
to fall back on, and I think they did, because I don't have timeouts anymore 
because of blocked ranges.
These people of zerossl have brains, if you tell them about something how they 
can make it better, they consider it and apply these changes.
 

> -----Original Message-----
> From: Marc
> Sent: Thursday, 23 January 2025 09:35
> To: 'Benny Pedersen' <m...@junc.eu>; dovecot@dovecot.org
> Subject: RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> anywhere
> 
> I have 0 issues 2-3 years. Besides what can be the issues with some
> shell scripting. Better than having some code running as root.
> 
> I guess you see issues here, because if you ask at letsencrypt who can
> you sue if they issue a false certificate, why they are not hosting in
> Europe, why they run as root, you get blocked.
> 
> > -----Original Message-----
> > From: Benny Pedersen via dovecot <dovecot@dovecot.org>
> > Sent: Thursday, 23 January 2025 09:27
> > To: dovecot@dovecot.org
> > Subject: Re: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> > anywhere
> >
> > Marc via dovecot wrote on 2025-01-23 09:21:
> > >>
> > >> dovecot starts as root, and drops privileges later, so group it non
> > >> rooted is a security problem on its own :)
> > >>
> > >> certbot creates letsencrypt pem files owned by root and grouped root,
> > >> only the private key can't be read by other users than root
> > >>
> > >
> > > wtf letsencrypt still requires root?? What an amateur club there.
> > > I am using this, without root, then you can easily switch to
> > > zerossl.
> > > https://github.com/acmesh-official/acme.sh
> >
> > 1k issues ?, how is this better ?
> >
> > _______________________________________________
> > dovecot mailing list -- dovecot@dovecot.org
> > To unsubscribe send an email to dovecot-le...@dovecot.org