On 28.09.2016 10:55, li...@lazygranch.com wrote:

> I didn't like the Let's Encrypt 90 day deal with mysterious upload to
> your server. It bugs me.

Let's Encrypt does not upload anything to your server. You download an
updated certificate, if and when you choose to. That process can be
invoked manually - which I prefer - or via a cron job, if the necessary
TCP port is made available. If you use the LE standard mechanics, nothing
on your local machine is overwritten either, and you'll keep a history
of your certificates if you so desire.

As for the "90 day deal": LE is still in ramp-up phase, so I expect the
validity period to increase. Even with 90 days, it is worth using their
certificates. In a DANE context, all you need to take care of is not
automatically generating new keys with each update, and that is easily
avoided.

Perhaps I should be mad at LE for stealing some of my business (I run a
CA myself), but they are doing a good job, and I am always glad to see
people making encryption available to the masses.

-Ralph

Reply via email to