lol Chrome use CNNIC too
Doesn't make things better.
Certificates, which are not authenticated in a propper way or issued by an organisation that you not trust, are worthless in my opinion.
Btw:
I have just deleted these CAs in Firefox
lol Chrome use CNNIC too
Doesn't make things better.
Certificates, which are not authenticated in a propper way or issued by an organisation that you not trust, are worthless in my opinion.
Btw:
I have just deleted these CAs in Firefox
I think we can all agree that the error message with non-signed certs sucks. I like the override in Firefox but I hate FF.
Updated: I just installed Let's Encrypt into OMV & OwnCloud, and they're working great!
The disadvantage is the cert only last 90 days, then you need to do a renewal.
https://letsencrypt.org/2015/11/09/why-90-days.html
http://letsencrypt.readthedocs…ing.html#letsencrypt-auto
@'tinh_x7: Could you say a little more about how you did the installation? Did you use the nginx auto install feature of the letsencrypt client? To what extent does the clinet handle auto update of the certificate?
Overall lets encrypt seems to be a great idea for a OMV plugin, the whole point of letsencrypt is to have short life time certificates (90 days) that are then automatically renewed using their client (see https://letsencrypt.org/2015/11/09/why-90-days.html). Ideally an OMV plugin would handle regular running of the client and possibly add the certificate to sickbeard, couchpotato and even ssh. Could it be added to the plugin wish list?
Edit: Public Beta is open on 12/03/15.
One thing I don't like is that you need manually update the certs or write a script to update before it expires.
Regarding installation, I'm install directly on OMV.
The installation is not that bad if you know what you're doing.
If you using a docker, then it's a different approach.
Here's the basic guide:
The first thing to do is register your domains via Let's Encrypt, sub-domains must be submitted individually.
Then wait for them to send an email confirmation.
Next.
1.
2.
# make sure to stop any server running on port 80
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
# It will prompt you for domains to validate then proceed with ACME
3. Follow the rest of the installation instructions.
Once you successfully generated the certs, it'll shows you the expiration date & the location of the certs.
i.e. /etc/letsencrypt/live/mydomain.com/
4. If you're using Nginx like many of us, then use fullchain.pem & privkey.pem
5. Restart your port 80 service.
6. Copy & paste fullchain & privkey to your OMV SSL via web gui.
7. Done.
Anyone managed to request a LetsEncrypt certificate using their app on a OMV server that cannot open 80 or 443 port?
My ISP doesn't allow me to open port 80 or 443.
Tnx
Stop port 80 temporarily.
Then generate the certificate.
Back then I was a beta tester, so I had to submit my domains to them first before generate the certs.
But now it's open to public, you're no longer require to email them.
It seems like you can generate them locally.
My certs are generated locally, and they've been working great.
https://letsencrypt.readthedocs.org/en/latest/using.html
Zitat
https://letsencrypt.readthedocs.org/en/latest/using.html
ZitatAlles anzeigenEntering Public BetaDec 3, 2015 • Josh Aas, ISRG Executive Director
We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free certificates from Let’s Encrypt.
It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates.
We’d like to thank everyone who participated in the Limited Beta. Let’s Encrypt issued over 26,000 certificates during the Limited Beta period. This allowed us to gain valuable insight into how our systems perform, and to be confident about moving to Public Beta.
We’d also like to thank all of our sponsors for their support. We’re happy to have announced earlier today that Facebook is our newest Gold sponsor.
We have more work to do before we’re comfortable dropping the beta label entirely, particularly on the client experience. Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms. We’ll be monitoring feedback from users closely, and making improvements as quickly as possible.
Instructions for getting a certificate with the Let’s Encrypt client can be found here.
Let’s Encrypt Community Support is an invaluable resource for our community, we strongly recommend making use of the site if you have any questions about Let’s Encrypt.
Let’s Encrypt depends on support from a wide variety of individuals and organizations. Please consider getting involved, and if your company or organization would like to sponsor Let’s Encrypt please email us at sponsor@letsencrypt.org.
Thank you.
Greetings
David
I have finished the plugin for Let's Encrypt and it will be coming to OpenMediaVault very soon
That's awesome!
Can't wait to use it.
I have finished the plugin for Let's Encrypt and it will be coming to OpenMediaVault very soon
Sounds great! Looking forward installing it
Does the plug-in has the feature for auto-renewal?
Does the plug-in has the feature for auto-renewal?
Yes it does.
The plugin is now available in the OMV-Extras.org Testing repository. See my post here
https://buy.wosign.com/free/
If you need now and quick a a ssl cert for free, No personal information needed.
It looks like WoSign no longer offers free SSL Certificates.
It looks like WoSign no longer offers free SSL Certificates.
I suspect that has something to do with the fact that they are being removed from trust stores.
Use the Let's Encrypt plugin.
Use the Let's Encrypt plugin.
I am. It's a good thing Let's Encrypt exists, as they seem to be the only trusted source of free SSL Certificates anymore. StartSSL, which I used to use on all of my websites, is being removed from trust stores as well. Good riddance I say. They were always a pain to deal with and I ended up switching to Let's Encrypt as soon as it came into existence.
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!