Both Firefox and Opera are relentlessly bugging me that the site's security certificate has just expired.
I guess this is because I'm in an easterly time zone. Any Oz or Kiwis getting this too?
It is good now. It is a Let's Encrypt cert that expires every 90 days. And it did...
Note to site owners: You can buy a Comodo cert for 2 years for <$8....
I'll send you the 8 bucks if you need it.
Actually, long-lived certificates can have their own problems (e.g. the Symantec SSL apocalypse).
Let's Encrypt eschews long-lived certificates for short ones as a security and operations design feature, rather than a bug. It forces them to be renewed regularly, which is good for security, and encourages automation. Unfortunately their renewal app wasn't compatible with the server hardening I'd implemented, so I've been diligently doing the renewal manually every ~85 days, making sure it worked. Initially it was quite complicated, but I've refined it to now work seamlessly and it can actually be automated - I was just being a scaredy cat wanting to actually watch it each time and make sure it worked. It's been fine for the last year and worked without fail, so I'll make sure the next renewal is automated and hands off.
Money is not the issue, it was a technology stack / implementation choice. Shouldn't happen again 🙂
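An expiry monitor of the kind that flags a missed renewal on a 90-day certificate before browsers start warning, as an added example that is not part of the original thread or the site's own tooling. The function names and the 30-day and 5-day thresholds are assumptions, and the sample `notAfter` value is constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_DAYS = 30  # assumption: renewal should already have happened by now
WARN_DAYS = 5    # assumption: margin left by renewing at day ~85 of 90


def days_remaining(not_after, now):
    """Days until expiry; not_after uses the ssl.getpeercert() date format."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).total_seconds() / 86400


def classify(not_after, now, renew_days=RENEW_DAYS, warn_days=WARN_DAYS):
    """Map the remaining lifetime onto an alert level."""
    left = days_remaining(not_after, now)
    if left <= 0:
        return "EXPIRED"
    if left <= warn_days:
        return "CRITICAL"
    if left <= renew_days:
        return "RENEW"
    return "OK"


def check_host(host, port=443, timeout=5.0):
    """Fetch the live certificate and classify it (needs network access)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An already-expired certificate fails the handshake itself,
        # so report the verifier's reason instead of crashing.
        return "INVALID: " + exc.verify_message
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed sample value, checked against a fixed clock (runs offline).
    sample = "Jan  5 09:34:43 2018 GMT"
    clock = datetime(2018, 1, 1, 9, 34, 43, tzinfo=timezone.utc)
    print(sample, "->", classify(sample, clock))
```

Run `check_host` from a scheduler on a machine other than the web server, so the alert still fires when the renewal job on the server itself is what failed.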