Have you already claim your free TLS cert?
https://gethttpsforfree.com/
>>51842416
I already distrusted their CA on all machine I maintain
>>51842525
Why?
>>51842533
I'm guessing its because we use the CA model as a form of server authentication, and when anyone can request a certificate with no trail of money that model is weakened.
It's not that the service is bad, we just aren't prepared for it.
>>51842533
Either he's edgy or a jelly jew.
Can't be for security reasons because the CA pki was fucked from the start, one "hobbyists" CA more or less does not make a difference.
>>51842525
LE's cert is already trusted so no need to manually install it
>>51842762
>im blind
this just motivated me to add a valid cert to one of my machines, thanks /g/
that was a fun test. Client had more overhead than I was expecting, lol docker, but ok.
>>51842824
howdotlscertificateswork?
>>51842924
Youre welcome
>>51842604
You have to have provable access to the server to get a certificate.
>when anyone can request a certificate with no trail of money that model is weakened
No, it isn't. Your cert will be completely equivalent to any other DV certificate. The only time a paper trail might be needed is when you want to bind an identity to the certificate. Your browser will clearly indicate which one is the case for the site you're visiting. Same as always.
>>51842924
There are more bare-bones clients available. The most cited one is simp_le, I think. I use the official one myself, for no reason in particular.
>>51843248
and I was wrong, doesn't install docker, just had a docker directory for some reason. not sure what the virtual environment was.
>>51842936
>im still blind
>>51843248
This. Along with what OP posted above that doesn't need a client, there are alternative clients such as:
Free HTTPS certificates without having to trust the letsencrypt cli with sudo/root
https://github.com/diafygi/letsencrypt-nosudo
Let's Encrypt client and ACME library written in Go (WIP)
https://github.com/xenolf/lego
A tiny script to issue and renew TLS certs from Let's Encrypt (~200 line python script)
https://github.com/diafygi/acme-tiny/
Simple Let's Encrypt client. (crontab friendly)
https://github.com/kuba/simp_le
>>51842525
I'm sorry, Its really easy to do that on accident. Fortunately its a easy problem to fix.
How important is it to revoke these if I stop using them?
I'm likely to wipe out /etc/letsencrypt/ a few times, how stupid is this?
Might be a highjack, but has anyone worked with a company that has their certs in order?
>be me
>access McAfee EPO
>this page is not trusted
>option to trust it permanently is disabled by GP
I lose my shit every time I have to go in there.
>>51843831
>has anyone worked with a company that has their certs in order?
My companies ...everything.
>>51843873
then let me enquire.
How are you handling cert management? Did you establish a local root authority? How does an end user get a cert for their their stupid app that installs IIS for some reason?
>>51843458
They're set to have short expiration periods so you can just let it expire instead of having to revoke
>>51842924
And now I have an A+ rating with ssllabs.
That was fun and easy.
No more people's bitching about self-signed.
