Need SSL cert - What's next best?
-
@obsolesce said in Need SSL cert - What's next best?:
@marcinozga said in Need SSL cert - What's next best?:
Can you put reverse proxy in front of that appliance and automate certs on proxy?
Hmm, perhaps. I didn't think of that, but there are other services besides https that the proxy would need to pass through to the server then. Is that possible? Users would access the https stuff over web browser, but agents on their computers would be trying to connect to the same server.domain.com over some custom port, let's say 52274 for example.
Yes, it can be done, with Nginx for example.
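
A sketch of the layout discussed above, added as an illustration and not posted by anyone in the thread: Nginx terminates HTTPS for browsers with an automated Let's Encrypt cert and relays the agents' custom port as raw TCP. The backend address 10.0.0.10 and the ACME webroot are assumptions; server.domain.com and port 52274 are the thread's own examples.

```nginx
# Added example; values marked "assumed" are not from the thread.
# server.domain.com now resolves to this proxy instead of the appliance.

events {}

# Raw TCP pass-through for the agents' custom port (52274 in the thread).
# Requires nginx built with the stream module (--with-stream).
stream {
    server {
        listen 52274;
        # Bytes are relayed untouched; any TLS the agents speak on this
        # port still terminates on the appliance, not on the proxy.
        proxy_pass 10.0.0.10:52274;   # assumed appliance address
    }
}

http {
    # Port 80: answer ACME HTTP-01 challenges, redirect everything else.
    server {
        listen 80;
        server_name server.domain.com;

        location /.well-known/acme-challenge/ {
            root /var/www/letsencrypt;   # assumed webroot for the ACME client
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }

    # Port 443: browsers see the Let's Encrypt cert on the proxy.
    server {
        listen 443 ssl;
        server_name server.domain.com;

        # Paths in the layout certbot writes.
        ssl_certificate     /etc/letsencrypt/live/server.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/server.domain.com/privkey.pem;

        location / {
            proxy_pass https://10.0.0.10;   # assumed appliance address
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            # proxy_ssl_verify is off by default, so whatever cert the
            # appliance presents is accepted on this hop. Keep the hop on
            # a trusted segment, or pin the appliance's cert with
            # proxy_ssl_trusted_certificate and proxy_ssl_verify on.
        }
    }
}
```

Renewal then only touches the proxy: the ACME client rewrites the files under /etc/letsencrypt/live/ and reloads nginx, and the appliance itself is never reconfigured.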
-
@dbeato said in Need SSL cert - What's next best?:
One thing, if you don't want automation but want free SSL you can use ZeroSSL
https://zerossl.com/
but you need to install it every 90 days since it is LE.
That would still be an issue here. I'll just go the reverse proxy route with NGINX. Full automation with LE means zero maintenance. No automation with LE means way too much maintenance. 2-year SSL cert from somewhere else means less maintenance, but costs.
-
@obsolesce said in Need SSL cert - What's next best?:
@dbeato said in Need SSL cert - What's next best?:
One thing, if you don't want automation but want free SSL you can use ZeroSSL
https://zerossl.com/
but you need to install it every 90 days since it is LE.
That would still be an issue here. I'll just go the reverse proxy route with NGINX. Full automation with LE means zero maintenance. No automation with LE means way too much maintenance. 2-year SSL cert from somewhere else means less maintenance, but costs.
Yeah, I am giving you the other alternatives that make it so much easier to use a proxy for it.
-
@obsolesce said in Need SSL cert - What's next best?:
@dbeato said in Need SSL cert - What's next best?:
I have been using Namecheap
https://www.namecheap.com/security/ssl-certificates.aspx
Or Godaddy at times.
What's their root ca?
For Godaddy they are their own and NameCheap uses Comodo.
-
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
-
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
Wow really?
I'll see if I can find that.
-
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
It's only free for personal websites, this would be for production use.
-
I can't just get the cert?
-
That must be for CDN. DNS is free along with the stuff like certs.
-
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
You have to set your domain up in it.
-
@obsolesce said in Need SSL cert - What's next best?:
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
It's only free for personal websites, this would be for production use.
Free for Business too, read the description
-
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They don't provide certs, they are a CDN.
-
@stacksofplates said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
You have to set your domain up in it.
They did this new wording a few days ago.
-
@obsolesce said in Need SSL cert - What's next best?:
@stacksofplates said in Need SSL cert - What's next best?:
Cloudflare does free SSL. That's what I used for my blog since it's GitLab pages and you can't automate the LetsEncrypt part with them. It's valid for I think 15 years.
Wow really?
I'll see if I can find that.
You just set it up and turn your cloud orange. There is nothing to install.
-
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They don't provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
-
@dbeato said in Need SSL cert - What's next best?:
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They don't provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
Oh, didn't know. But makes sense.
-
@scottalanmiller said in Need SSL cert - What's next best?:
@dbeato said in Need SSL cert - What's next best?:
@scottalanmiller said in Need SSL cert - What's next best?:
@obsolesce said in Need SSL cert - What's next best?:
I can't just get the cert?
They don't provide certs, they are a CDN.
They can provide you the Origin SSL cert that only works using their CDN.
Oh, didn't know. But makes sense.
Not new. Had this for a while.
-
@obsolesce I've had a good experience with https://www.sslpoint.com - they're not widely known but we've used them for a few certs over the last 3 years or so (mostly Exchange) and it worked well. The prices are pretty reasonable and support is great (which in most cases you probably won't need).
-
@obsolesce
www.gogetssl.com
Cheap like borscht.
-
@obsolesce said in Need SSL cert - What's next best?:
@marcinozga said in Need SSL cert - What's next best?:
Can you put reverse proxy in front of that appliance and automate certs on proxy?
Hmm, perhaps. I didn't think of that, but there are other services besides https that the proxy would need to pass through to the server then. Is that possible? Users would access the https stuff over web browser, but agents on their computers would be trying to connect to the same server.domain.com over some custom port, let's say 52274 for example.
Split the DNS by setting up machine.domain.com internally with a blank A record to the machine’s IP. That keeps the cert situation tidy.