Lets Encrypt
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
>Let's Encrypt, the free and automated certificate authority system, has entered public beta.
There is now no excuse why your websites do not offer HTTPS encrypted connections.
https://letsencrypt.readthedocs.org/en/latest/
https://www.eff.org/deeplinks/2015/12/lets-encrypt-enters-public-beta
https://letsencrypt.org/2015/12/03/entering-public-beta.html
awesome, glad it's now in public beta.
>1 reply
>/g/ - Technology
>>51668818
I'm waiting for proper packages to become available, mainly for arch. I tried using the client once and it spammed my filesystem full of shit everywhere, there was so fucking much of it, I don't even know why the hell one tool needs so much dependency junk and why it has to make such a mess.
Proper packages with clean uninstallation and a concise guide that just gives me what I need to generate a standalone cert instead of all this server-integrated bullshit and whatnot or bust.
>>51669174
I'm surprised /g/ isn't excited right now, there was a ton of hype when it first got announced november 2014.
>>51669603
>current-day /g/
>interested in anything that isn't the latest smartphone
That's not the /g/ you're on
![1353345099_jedi-mind-trick[1].jpg](https://i.imgur.com/T8ctJWr.jpg "1353345099_jedi-mind-trick[1].jpg")
>>51669629
>installing this botnet onto any real production server
good that your dragon dildos fansite can now have TLS too, noone cares
been using the free SSL from gandi.
will probably stick with it until it expires.
>>51669680
ahahaha get a load of this faggot
>>51669680
and inb4 hurr you can install it manually without the botnet, yea the certificate only lats 3 months not gonna do it manually every time.
>>51669680
>>51669703
a fork will be made if necessary. I wouldn't be surprised if OpenBSD decided to make a fork of the client.
>>51669703
>not knowing what the word "automated" means
finally
How does it work exactly?
Last time i heard about it i saw something about automagically configuring my apache to use their certificate? what if it breaks things?
Im scared.
Cant they just give out certificates? i cant configure that stuff myself.
>>51669777
>i cant configure that stuff
was suposed to say i CAN
>>51669777
Its possible to setup the HTTPS without the client.
>>51669777
The github page seems to be saying something about a standalone mode --certonly
Interesting... Will check it out
>>51669777
if you use it in standalone mode it starts an http server on port 80 to verify the reliance of your request (it checks the validity of the CN of your req), then it gives you the certs file and shut down.
that's all
>>51669816
Fuck, it actually does - and looks like it worked and got the cert.
Im gonna go try and see if the cert itself works
>>51669777
if you're still using apache in 2015, your stuff is already broken
>>51668818
Got in during the limited beta, but my cron job is apparently screwed up. I'll try to get it fixed tonight
>>51668818
>Invitations are no longer needed in order to get free certificates from Let’s Encrypt
Nice. I've been waiting for them to open that up for ages.
Holy shit, its all up and running.
No more ugly untrusted self signed certificates.
>>51670112
What do you use instead?
>>51670517
nginx of course
>>51670517
lighttpd of course
>>51669174
>hurr give me attention!
>>51668818
Is it possible to use it on shared hosting?
Can I use this to sign code?
>>51668818
>There is now no excuse why your websites do not offer HTTPS encrypted connections.
Except for the fact that you have to set up your certificates every 90 days because they want you to use their brain damaged program to auto configure your website.
>>51668818
this is great!
i'm already using it!
a great push towards internet privacy.
>>51670712
ever heard about cron?
I don't fucking get it
who's the CA?
>>51669577
i gave it a try last week and, aside from shitting itself over some of my virtualhosts having internal lan aliases, it pretty much just werked. i'm sure it won't be long until it's exploited though and we end up with skript kiddies being able to get trusted certs for any domain of their choosing.
>>51671194
>muh google certs
Hey, here is a 200 line version of the client. What do you guys think of it?
https://github.com/diafygi/acme-tiny
>>51668818
Finally.
The only thing I don't understand is why do they want everything (including web server config changes) to be automated.
The only thing it really needs is "certonly --webroot" mode, everything else is just unnecessary bloat.
>>51671019
EFF and others.
>>51672210
Because the theory is that automation makes it even more trivial to deploy. Shared hosting or VPS running apache? Nginx? Etc? Offer a 1-click ssl for the registered domains.
>>51670531
this
>>51672301
it's pretty trivial to deploy without most of that.
If I have a webserver running already, I think it's safe to assume that I know how to configure that webserver, especially when adding SSL is just copying the vhost block, adding one line to turn ssl on, and adding one more to point at the cert
All that's really needed is a tiny utility that implements just the certonly --webroot mode of the letsencrypt client, and cron can run that every so often to replace the older cert.
I'm having fun. Already added SSL to 4 websites
>>51672756
Oh, I agree. But they want every mom and pop on a shared host to be able to use it too
>>51668818
what's with that childish name?
>>51672978
whats childish about it? it gets the point straight across that it's about encryption.
>>51672904
Then the host should offer its own automation or at the very least a default SSL config file
>>51672978
>I'M NOT A KID ANYMORE MOM
Any Windows support for the client?
>>51675579
It's Python.
>>51675579
there should be a windows port eventually. like the anon below you said, it's written in python so you can make your own if you know what you're doing.
>>51672756
>If I have a webserver running already, I think it's safe to assume that I know how to configure that webserver
considering just about every "server spin" (i.e. ubuntu server, fedora server) will install apache/nginx/whatever along with the OS without a hitch, that's not really a safe bet anymore these days.
I personally had a running webserver (only on my home network though) for over a year before I felt a need/desire to mess with the configuration
