[NCUC E-team] SSL
David Cake
davecake at gmail.com
Tue Aug 1 17:11:13 CEST 2017
Yeah, lets encrypt can just be scripted for the cert to be renewed automatically, requires no host or reg support.
We’ve got no need for any higher form of cert (like an EV) and lets encrypt is free, and low maintenance, so I am in favour of it.
David
> On 1 Aug 2017, at 9:30 pm, Tapani Tarvainen <ncuc at tapani.tarvainen.info> wrote:
>
> Hi Brenden,
>
> Like just about all registrars and their resellers, Gandi offers
> certificates of various kinds, but they cost money (admittedly little)
> and perhaps more important, require manual intervention to renew.
>
> Mainly for the latter reason I would suggest at least starting with
> letsencrypt.org <http://letsencrypt.org/>. Its automatic update system works quite well nowadays
> and does not require any special support from Gandi - it's basically
> just a program that needs to be installed, once, and set up to run
> automatically to renew the certificate as needed.
>
> If you want to set it up, I'll be happy to help.
>
> Tapani
>
> On Tue, Aug 01, 2017 at 08:06:58AM -0400, Brenden Kuerbis (bkuerbis at internetgovernance.org <mailto:bkuerbis at internetgovernance.org>) wrote:
>>
>> I wouldn't mind learning how to implement/manage a Let'sEncrypt cert.
>>
>> But we really should consider the ongoing maintenance (namely who is
>> doing it). Does Gandi support keeping a LetEncrypt cert updated
>> automatically?
>>
>> If not, maybe Gandi offers a cert service we should consider?
>> ---------------------------------------
>> Brenden Kuerbis
>> Internet Governance Project
>> http://internetgovernance.org
>>
>>
>> On Tue, Aug 1, 2017 at 3:14 AM, Tapani Tarvainen
>> <ncuc at tapani.tarvainen.info> wrote:
>>> Dear all,
>>>
>>> It was brought to my attention that ncuc.org does not use SSL.
>>>
>>> There is no really good reason for that. It was one of the things
>>> in my to-do list when I left NCUC EC rather suddenly in 2013,
>>> and nobody picked the task up.
>>>
>>> Back then it would've cost money, too, but now it could be done
>>> for free using letsencrypt.org.
>>>
>>> So I'd propose we do just that.
>>>
>>> I can do it, it's easy enough, but I'm of course also happy to let
>>> someone else do it (I can assist if someone wants to do it in order
>>> to learn, too).
>>>
>>> --
>>> Tapani Tarvainen
>>> _______________________________________________
>>> E-team mailing list
>>> E-team at lists.ncuc.org
>>> http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team
>>>
>
> --
> Tapani Tarvainen
> _______________________________________________
> E-team mailing list
> E-team at lists.ncuc.org <mailto:E-team at lists.ncuc.org>
> http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team <http://lists.ncuc.org/cgi-bin/mailman/listinfo/e-team>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/e-team/attachments/20170801/eb007a02/attachment-0001.html>
More information about the E-team
mailing list