[NCUC E-team] SSL

Tapani Tarvainen ncuc at tapani.tarvainen.info
Thu Aug 3 15:22:23 CEST 2017 

OK, SSL implemented using letsencrypt.org.

I set it up with three separate certificates:

ncuc.org + www.ncuc.org
lists.ncuc.org
oldwww.ncuc.org

as those might be split to different machines at some point.

Please report ASAP if you encounter any problems.

Tapani

On Tue, Aug 01, 2017 at 05:24:22PM -0500, Renata Aquino Ribeiro (raquino at gmail.com) wrote:
> 
> Letsencrypt I only hear good things
> 
> Em 01/08/2017 16:01, "David Cake" <davecake at gmail.com> escreveu:
> 
> Yeah, lets encrypt can just be scripted for the cert to be renewed
> automatically, requires no host or reg support.
> 
> We’ve got no need for any higher form of cert (like an EV) and lets encrypt
> is free, and low maintenance, so I am in favour of it.
> 
> David
> 
> 
> On 1 Aug 2017, at 9:30 pm, Tapani Tarvainen <ncuc at tapani.tarvainen.info>
> wrote:
> 
> Hi Brenden,
> 
> Like just about all registrars and their resellers, Gandi offers
> certificates of various kinds, but they cost money (admittedly little)
> and perhaps more important, require manual intervention to renew.
> 
> Mainly for the latter reason I would suggest at least starting with
> letsencrypt.org. Its automatic update system works quite well nowadays
> and does not require any special support from Gandi - it's basically
> just a program that needs to be installed, once, and set up to run
> automatically to renew the certificate as needed.
> 
> If you want to set it up, I'll be happy to help.
> 
> Tapani
> 
> On Tue, Aug 01, 2017 at 08:06:58AM -0400, Brenden Kuerbis (
> bkuerbis at internetgovernance.org) wrote:
> 
> 
> I wouldn't mind learning how to implement/manage a Let'sEncrypt cert.
> 
> But we really should consider the ongoing maintenance (namely who is
> doing it). Does Gandi support keeping a LetEncrypt cert updated
> automatically?
> 
> If not, maybe Gandi offers a cert service we should consider?
> ---------------------------------------
> Brenden Kuerbis
> Internet Governance Project
> http://internetgovernance.org
> 
> 
> On Tue, Aug 1, 2017 at 3:14 AM, Tapani Tarvainen
> <ncuc at tapani.tarvainen.info> wrote:
> 
> Dear all,
> 
> It was brought to my attention that ncuc.org does not use SSL.
> 
> There is no really good reason for that. It was one of the things
> in my to-do list when I left NCUC EC rather suddenly in 2013,
> and nobody picked the task up.
> 
> Back then it would've cost money, too, but now it could be done
> for free using letsencrypt.org.
> 
> So I'd propose we do just that.
> 
> I can do it, it's easy enough, but I'm of course also happy to let
> someone else do it (I can assist if someone wants to do it in order
> to learn, too).
> 
> --
> Tapani Tarvainen

More information about the E-team mailing list