[NCUC E-team] SSL

David Cake davecake at gmail.com
Thu Aug 3 17:30:57 CEST 2017 

Is there an aeutorenewal script in place?

David

> On 3 Aug 2017, at 10:52 pm, Michael Oghia <mike.oghia at gmail.com> wrote:
> 
> Excellent work Tapani, thanks! It's working fine for me.
> 
> -Michael
> 
> On Thu, Aug 3, 2017 at 3:22 PM, Tapani Tarvainen <ncuc at tapani.tarvainen.info <mailto:ncuc at tapani.tarvainen.info>> wrote:
> OK, SSL implemented using letsencrypt.org <http://letsencrypt.org/>.
> 
> I set it up with three separate certificates:
> 
> ncuc.org <http://ncuc.org/> + www.ncuc.org <http://www.ncuc.org/>
> lists.ncuc.org <http://lists.ncuc.org/>
> oldwww.ncuc.org <http://oldwww.ncuc.org/>
> 
> as those might be split to different machines at some point.
> 
> Please report ASAP if you encounter any problems.
> 
> Tapani
> 
> On Tue, Aug 01, 2017 at 05:24:22PM -0500, Renata Aquino Ribeiro (raquino at gmail.com <mailto:raquino at gmail.com>) wrote:
> >
> > Letsencrypt I only hear good things
> >
> > Em 01/08/2017 16:01, "David Cake" <davecake at gmail.com <mailto:davecake at gmail.com>> escreveu:
> >
> > Yeah, lets encrypt can just be scripted for the cert to be renewed
> > automatically, requires no host or reg support.
> >
> > We’ve got no need for any higher form of cert (like an EV) and lets encrypt
> > is free, and low maintenance, so I am in favour of it.
> >
> > David
> >
> >
> > On 1 Aug 2017, at 9:30 pm, Tapani Tarvainen <ncuc at tapani.tarvainen.info <mailto:ncuc at tapani.tarvainen.info>>
> > wrote:
> >
> > Hi Brenden,
> >
> > Like just about all registrars and their resellers, Gandi offers
> > certificates of various kinds, but they cost money (admittedly little)
> > and perhaps more important, require manual intervention to renew.
> >
> > Mainly for the latter reason I would suggest at least starting with
> > letsencrypt.org <http://letsencrypt.org/>. Its automatic update system works quite well nowadays
> > and does not require any special support from Gandi - it's basically
> > just a program that needs to be installed, once, and set up to run
> > automatically to renew the certificate as needed.
> >
> > If you want to set it up, I'll be happy to help.
> >
> > Tapani
> >
> > On Tue, Aug 01, 2017 at 08:06:58AM -0400, Brenden Kuerbis (
> > bkuerbis at internetgovernance.org <mailto:bkuerbis at internetgovernance.org>) wrote:
> >
> >
> > I wouldn't mind learning how to implement/manage a Let'sEncrypt cert.
> >
> > But we really should consider the ongoing maintenance (namely who is
> > doing it). Does Gandi support keeping a LetEncrypt cert updated
> > automatically?
> >
> > If not, maybe Gandi offers a cert service we should consider?
> > ---------------------------------------
> > Brenden Kuerbis
> > Internet Governance Project
> > http://internetgovernance.org <http://internetgovernance.org/>
> >
> >
> > On Tue, Aug 1, 2017 at 3:14 AM, Tapani Tarvainen
> > <ncuc at tapani.tarvainen.info <mailto:ncuc at tapani.tarvainen.info>> wrote:
> >
> > Dear all,
> >
> > It was brought to my attention that ncuc.org <http://ncuc.org/> does not use SSL.
> >
> > There is no really good reason for that. It was one of the things
> > in my to-do list when I left NCUC EC rather suddenly in 2013,
> > and nobody picked the task up.
> >
> > Back then it would've cost money, too, but now it could be done
> > for free using letsencrypt.org <http://letsencrypt.org/>.
> >
> > So I'd propose we do just that.
> >
> > I can do it, it's easy enough, but I'm of course also happy to let
> > someone else do it (I can assist if someone wants to do it in order
> > to learn, too).
> >
> > --
> > Tapani Tarvainen
> _______________________________________________
> E-team mailing list
> E-team at lists.ncuc.org <mailto:E-team at lists.ncuc.org>
> http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team <http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team>
> 
> _______________________________________________
> E-team mailing list
> E-team at lists.ncuc.org
> http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/e-team/attachments/20170803/5dae0cee/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.ncuc.org/pipermail/e-team/attachments/20170803/5dae0cee/attachment-0001.sig>

More information about the E-team mailing list