Menu
▾
▴
Re: [Astlinux-users] ACME (Let's Encrypt) Certificates Vs Wildcard SSL certificates
|
From: Lonnie A. <li...@lo...> - 2019-04-10 14:34:07
|
<html><head></head><body dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="ApplePlainTextBody"><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="ApplePlainTextBody"><div class="ApplePlainTextBody">Hi Michael,<br><br><blockquote type="cite">but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle.<br>Am I correct?<br></blockquote><br><br>IMO, using automatic ACME certs in AstLinux is the least-hassle approach ... after the initial setup.<br><br>The hassle with a 1-2 year Wildcard SSL cert (other than the cost) is it needs to be deployed and updated to all the boxes, even if only every 1-2 years. You would need to create some sort of CRON script to do that, and probably with authentication.<br><br>If you go through the trouble of creating a Wildcard SSL cert deploy/update system, you just as well mint your own Let's Encrypt Wildcard Certs at a central location, at no cost every two months.<br><br>You need to weigh the pros/cons for your situation, I use Cloudflare for my ACME DNS validation, and after many renewals for many boxes using non-wildcard certs, it just works.<br><br>Lonnie<br><br><br><br><br><blockquote type="cite">On Apr 10, 2019, at 5:34 AM, Michael Knill <mic...@ip...> wrote:<br><br>Hi Group<br><br>As I am looking to encourage the use of web portals that we have built into Astlinux, I am having to consider the use of non self signed certificates to stop the browser complaining.<br>The web interface for all our systems is accessible with <customer id>.ibcaccess.net.<br>Forgive me for my ignorance but I'm not that good with SSL certificates but the way I see it is that we could just purchase a Wildcard SSL certificate instead of using ACME which seems a bit of a hassle.<br>Am I correct? <br><br>Regards<br>Michael Knill<br>_______________________________________________<br>Astlinux-users mailing list<br>Ast...@li...<br>https://lists.sourceforge.net/lists/listinfo/astlinux-users<br><br>Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....<br></blockquote><br></div></div></body></html> |
