|
|
I had the same problem at first. You have to select a Azure subscription level that won't shut down the WebJob that does the renewal. If I remember right, when you go to the web job you will probably get a warning about this, and give you the option to update your subscription. Once you do that you should have no more issues with this.
|
|
|
|
|
|
|
I am using Certify The Web and max renewal time span is 60 days. What software do you using?
No more Mister Nice Guy... >: |
|
|
|
|
|
n.podbielski wrote: What software do you using?
I wrote my own service that checks whether the cert needs to be renewed and then launches a wrapper that provides the command line parameters to GitHub - oocx/acme.net: A .net implementation of ACME (Automatic Certificate Management Environment)[^]
In some cases, I embed the check in the web server itself so I don't need a separate service.
[edit] Richard's post on PKISharp is definitely on my list to investigate! [/edit]
Marc
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Marc Clifton wrote: GitHub - oocx/acme.net:
I see this is just a some hobby project.
Marc Clifton wrote: PKISharp
I probably would have to create my own certificate installer for OS and IIS right? For now Let's Encrypt doing this for me
Marc Clifton wrote: Richard's post on PKISharp is definitely on my list to investigate!
Do you have a link?
No more Mister Nice Guy... >: |
|
|
|
|
|
That link to acme.net has a command line option to update IIS. Works quite well.
Perusing the source, it's definitely not a hobby project, imo.
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Marc Clifton wrote: Perusing the source, it's definitely not a hobby project, imo.
From github:
Quote: This project is work in progress. It works, but probably still has many bugs and needs more testing.
If you are just looking for a Let's Encrypt client or a more mature project, then you should take a look at these projects:
For me looks like hobby project. I am not saying that it not works. Description from the author sends a signal: 'do not use it at home'
No more Mister Nice Guy... >: |
|
|
|
|
|
|
Have used it on OpenLearning.com (custom NS) with no problem for a while and have a bunch of servers that using it by automation.
If you don't like the hassle on renewal, maybe cheap SSL from Godaddy or Comodo will do.
{My Greatest Challenge Is Me}*
|
|
|
|
|
I use it for a website and it works great.
The auto-renewal feels a bit clunky in Windows but it's not stopped working *yet* - I use the same auto-renewal linked by Richard Deeming above.
|
|
|
|
|
I use it on QNAP NAS, client site (Linux) and personal usage (Windows). And it works without any issues. Auto renewal is awesome. However, you can not get OV or EV certificate from Let's Encrypt.
There can be only one.
|
|
|
|
|
|
I am using it for like a 6 months now. The biggest problem was automation for me (still not working 100%), but this is because of my complex setup (2 servers: Windows VPS and in-house ubuntu machine; severals applications like cloud, webpages, mail etc. all using the same certificate), nothing to do with LE which have broad community, lots of software, is supported out-of-the-box by a lot of Open Source projects and have a lot of guides. The only thing that can be hard to do is updating DNS during certification if you need * certificate and your hosting to do not support any APIs for that. Good thing my is just simple webform so I can do it in like 3 lines of Power Shell code even if I had to spend like a day to figure out how to do it.
No more Mister Nice Guy... >: |
|
|
|
|
|
kmoorevs wrote: anyone here using let's encrypt?
Yes, it's open and safe. The 3 month renewal requirement is actually a security feature. This makes your service less susceptible to vulnerabilities as you will get patched certificates more often than regular long lived certificates. I have seen my fair share of security vulnerabilities being disclosed that affect some of these long lived certificates generated by paid CA's. So prefer short lived certificates so you don't actually have to rely on not missing any news to ensure your services are protected.
kmoorevs wrote: Anyone had issues with it?
Yes, when I first started I didn't get automation right. It solves itself once you get to know what you're doing.
kmoorevs wrote: Usually there is a reason things are free...limitations and such
Yes, and the reason is a more secure web. Let's Encrypt is a non-profit organization to make security accessible to everyone. It's backed by many of the big corporates: Current Sponsors and Donors - Let's Encrypt - Free SSL/TLS Certificates.
But by being free it means it gets used a lot with a limited amount of budget. The main limitation is that you can only generate 50 certificates per week for a given top level domain. Which in my experience is more than enough for most use cases. See here for more details: Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson
Our heads are round so our thoughts can change direction - Francis Picabia
|
|
|
|
|
I use it for 2 sites hosted on a commercial ISP. Unfortunately, the ISP does not support autorenewal (they want you to buy certificates from their provider), but the process of updating the certificates (using certbot-auto on a Debian VM) every 2.5 months takes about half an hour of my time from start to finish, and the cost/benefit versus paying for commercial ones seems worthwhile. I have not encountered any issues.
|
|
|
|
|
I use Let's Encrypt on my hosted sites, which run on shared Windows hosts under Plesk. No problems with the certificate per se, but Plesk's renewal process is a pain. It seems to involve installing files on a specific sub-folder and verifying those files by making a non-encrypted http request. This is a pain as the sites are configured to auto-redirect any insecure requests to the https: protocol, so these verification requests fail (as they don't accept a redirect as a valid response). To complicate matters further, many of my sites require authentication on all pages (apart from the login form) so again the verification request fails. I can get around this by explicitly removing authentication for the relevant subfolder, but the automatic redirect to https is more of a pain and I'm finding I have to manually disable this temporarily, manually issue a renew request, then reinstate the redirect. I suspect this is more of a Plesk issue than LetsEncrypt, but it all adds to the hassle.
That said, I have some sites that now run on https that I probably wouldn't have bothered with had I had to buy SSL certs (they're hobby sites essentially).
|
|
|
|
|
|
|
|
Well that is the first Star Wars offering in 30 years that made me want more!
Socialism is the Axe Body Spray of political ideologies: It never does what it claims to do, but people too young to know better keep buying it anyway. (Glenn Reynolds)
|
|
|
|
|
Is a group of singing dinosaurs a Tyrannochorus?
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Do they finish to raptorous applause?
Socialism is the Axe Body Spray of political ideologies: It never does what it claims to do, but people too young to know better keep buying it anyway. (Glenn Reynolds)
|
|
|
|
|
According to my thesaurus it's not.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
|
|
|
|