Thoughts on Let's Encrypt for SSL
-
Marc Clifton wrote:
I see this is just a some hobby project.
Marc Clifton wrote:
PKISharp
I probably would have to create my own certificate installer for OS and IIS right? For now Let's Encrypt doing this for me :)
Marc Clifton wrote:
Richard's post on PKISharp is definitely on my list to investigate!
Do you have a link?
No more Mister Nice Guy... >: |
That link to acme.net has a command line option to update IIS. Works quite well. Perusing the source, it's definitely not a hobby project, imo. :)
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny Artificial intelligence is the only remedy for natural stupidity. - CDP1802
-
That link to acme.net has a command line option to update IIS. Works quite well. Perusing the source, it's definitely not a hobby project, imo. :)
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny Artificial intelligence is the only remedy for natural stupidity. - CDP1802
Marc Clifton wrote:
Perusing the source, it's definitely not a hobby project, imo.
From github:
Quote:
This project is work in progress. It works, but probably still has many bugs and needs more testing. If you are just looking for a Let's Encrypt client or a more mature project, then you should take a look at these projects:
For me looks like hobby project. I am not saying that it not works. Description from the author sends a signal: 'do not use it at home' :)
No more Mister Nice Guy... >: |
-
I use Let's Encrypt on my hosted sites, which run on shared Windows hosts under Plesk. No problems with the certificate per se, but Plesk's renewal process is a pain. It seems to involve installing files on a specific sub-folder and verifying those files by making a non-encrypted http request. This is a pain as the sites are configured to auto-redirect any insecure requests to the https: protocol, so these verification requests fail (as they don't accept a redirect as a valid response). To complicate matters further, many of my sites require authentication on all pages (apart from the login form) so again the verification request fails. I can get around this by explicitly removing authentication for the relevant subfolder, but the automatic redirect to https is more of a pain and I'm finding I have to manually disable this temporarily, manually issue a renew request, then reinstate the redirect. I suspect this is more of a Plesk issue than LetsEncrypt, but it all adds to the hassle. That said, I have some sites that now run on https that I probably wouldn't have bothered with had I had to buy SSL certs (they're hobby sites essentially).
Thanks for the response! I've spent several hours trying to get https to work on an in-house web server that hosts our secondary website and multiple customer web applications. It still doesn't work. :sigh: I was trying it (let's encrypt) out locally before I put it on a new Azure VM that will most likely take over most of the customer web apps. Anyhow, I decided to try a different ACME tool on the new server and in < 10 minutes, had it working! My goal was to have the new server ready by Monday so it's mission accomplished! :) I suppose I'll find out about renewal issues in a few months. :laugh: I've been running my company's secondary website and customer web apps without a cert for around 15 years. Nobody ever complained until chrome started showing the 'Not secure' tag...I think they have plans to make that tag more prominent in future versions. At any rate, I am grateful to the open source community and especially let's encrypt for providing this solutions for free ssl. :thumbsup:
"Go forth into the source" - Neal Morse