|
I am using it for like a 6 months now. The biggest problem was automation for me (still not working 100%), but this is because of my complex setup (2 servers: Windows VPS and in-house ubuntu machine; severals applications like cloud, webpages, mail etc. all using the same certificate), nothing to do with LE which have broad community, lots of software, is supported out-of-the-box by a lot of Open Source projects and have a lot of guides. The only thing that can be hard to do is updating DNS during certification if you need * certificate and your hosting to do not support any APIs for that. Good thing my is just simple webform so I can do it in like 3 lines of Power Shell code even if I had to spend like a day to figure out how to do it.
No more Mister Nice Guy... >: |
|
|
|
|
|
kmoorevs wrote: anyone here using let's encrypt?
Yes, it's open and safe. The 3 month renewal requirement is actually a security feature. This makes your service less susceptible to vulnerabilities as you will get patched certificates more often than regular long lived certificates. I have seen my fair share of security vulnerabilities being disclosed that affect some of these long lived certificates generated by paid CA's. So prefer short lived certificates so you don't actually have to rely on not missing any news to ensure your services are protected.
kmoorevs wrote: Anyone had issues with it?
Yes, when I first started I didn't get automation right. It solves itself once you get to know what you're doing.
kmoorevs wrote: Usually there is a reason things are free...limitations and such
Yes, and the reason is a more secure web. Let's Encrypt is a non-profit organization to make security accessible to everyone. It's backed by many of the big corporates: Current Sponsors and Donors - Let's Encrypt - Free SSL/TLS Certificates.
But by being free it means it gets used a lot with a limited amount of budget. The main limitation is that you can only generate 50 certificates per week for a given top level domain. Which in my experience is more than enough for most use cases. See here for more details: Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson
Our heads are round so our thoughts can change direction - Francis Picabia
|
|
|
|
|
I use it for 2 sites hosted on a commercial ISP. Unfortunately, the ISP does not support autorenewal (they want you to buy certificates from their provider), but the process of updating the certificates (using certbot-auto on a Debian VM) every 2.5 months takes about half an hour of my time from start to finish, and the cost/benefit versus paying for commercial ones seems worthwhile. I have not encountered any issues.
|
|
|
|
|
I use Let's Encrypt on my hosted sites, which run on shared Windows hosts under Plesk. No problems with the certificate per se, but Plesk's renewal process is a pain. It seems to involve installing files on a specific sub-folder and verifying those files by making a non-encrypted http request. This is a pain as the sites are configured to auto-redirect any insecure requests to the https: protocol, so these verification requests fail (as they don't accept a redirect as a valid response). To complicate matters further, many of my sites require authentication on all pages (apart from the login form) so again the verification request fails. I can get around this by explicitly removing authentication for the relevant subfolder, but the automatic redirect to https is more of a pain and I'm finding I have to manually disable this temporarily, manually issue a renew request, then reinstate the redirect. I suspect this is more of a Plesk issue than LetsEncrypt, but it all adds to the hassle.
That said, I have some sites that now run on https that I probably wouldn't have bothered with had I had to buy SSL certs (they're hobby sites essentially).
|
|
|
|
|
|
|
|
Well that is the first Star Wars offering in 30 years that made me want more!
Socialism is the Axe Body Spray of political ideologies: It never does what it claims to do, but people too young to know better keep buying it anyway. (Glenn Reynolds)
|
|
|
|
|
Is a group of singing dinosaurs a Tyrannochorus?
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Do they finish to raptorous applause?
Socialism is the Axe Body Spray of political ideologies: It never does what it claims to do, but people too young to know better keep buying it anyway. (Glenn Reynolds)
|
|
|
|
|
According to my thesaurus it's not.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
|
|
|
|
|
with or without the bronchusaurus?
Message Signature
(Click to edit ->)
|
|
|
|
|
There's always one in the audience!
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Triceratops the charts, as always. Her friend allosaurus fooling about, but kept it mum, which forages has been our secret.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
Didn't they sing Irish songs under their chorus master Terry O'Dactyl?
I'll get my coat
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
Are you sure it wasn't Paddy C. Phalosaurus[^]???
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
modified 7-Jun-19 2:03am.
|
|
|
|
|
Googled "Singing dinosaur", and it turns out they really exist[^]
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
|
|
|
|
|
I got Herself the Lobster version of that many years ago for Christmas. Big box - as you'd expect - which I nicely wrapped in Christmas paper, with bows and everything: then insisted it was kept in the fridge until the big day to stop it going off ...
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Yes, but there's always a prima mastadona.
Software Zen: delete this;
|
|
|
|
|
|
yes, but it's apple, you know it will fit right on as if it's always been there.
if it were windows you'd have to re-format and reinstall the mug first. and if you're left handed, well, best advice: don't even go there.
whereas if it were linux you'd need an entire workshop of tools that make no sense, without labels on the any buttons (if you can find them) just to measure if it'll fit. once there though fitting will be simple. it'll also be really simple to remove ...assuming of course you can remember where you left the workshop.
Message Signature
(Click to edit ->)
|
|
|
|
|
It will fit, but first you have to buy some Apple's super-glue - only $99...
"The only place where Success comes before Work is in the dictionary." Vidal Sassoon, 1928 - 2012
|
|
|
|
|
It uses proprietary coffee that you can only buy from Apple, proprietary milk that you can only get via iTunes, and sugar is under development.
And you will have to replace it every six months with a faster brewing version.
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
OriginalGriff wrote: faster brewing version
Are you talking about 60% faster brewing version..!!!!
Try to find out fool in a deal. If you can't find one, it's you.
|
|
|
|
|
Oh yes! (But the old one strangely seems 70% slower than it was)
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|