None of this actually fixes the problem, though. Do we have the ear of the list admin?
There are apparently other errors with reachability of the list admin address and such as well, per reports to me on NANOG. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "Tylor Newman via mailop" <mailop@mailop.org> To: "Dave Warren" <d...@thedave.ca>, mailop@mailop.org Sent: Saturday, October 27, 2018 7:22:45 AM Subject: Re: [mailop] Expires SSL cert for mailop Very well said, Dave. I was going to send a more heated email about this last night, but refrained from doing so. You explained my position in a much more elegant manner! Like anything tech, Letsencrypt isn’t perfect, but in this day and age of free SSL certificates , there’s little to no reason not to be using it. Tylor Newman Linux Systems Administrator Email: tylo...@tylor.me From: Dave Warren <d...@thedave.ca> Sent: Friday, October 26, 2018 11:26 PM To: mailop@mailop.org Subject: Re: [mailop] Expires SSL cert for mailop On Fri, Oct 26, 2018, at 19:29, Noel Butler wrote: Problem with letsencrypt is their preferred and insisted " certbot " - does not run (easily at least) on all flavours.. I gave up with it on slackware which is what my servers run, tried using Crypt::LE and voila instant success, it was painless to use even for (tested at least) renews, although it requires a working webserver so come time to replace my comodo's on my MX's, will give me another challenge :) https://letsencrypt.org/docs/client-options/ does recommend starting with Certbot, but it certainly makes it clear that there are alternative options: "If certbot does not meet your needs, or you’d simply like to try something else, there are many more clients to choose from below" You also don't need to generate your certificate on the same machine that hosts the services using the certificates. It can either increase or reduce complexity depending on the particulars of your environment, but I generate most of my certificates centrally using DNS based authorization and either push or pull the certificates based on what is appropriate. It is an imperfect world, and this definitely applies to Let's Encrypt's documentation, but I've had good success building on top of what is already out there to get a custom solution when I don't see a perfect cookiecutter fix. _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
