ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How Big Will the Impact of Lets Encrypt Be?

    News
    security lets encrypt linux
    11
    57
    16.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dashrender @coliver
      last edited by

      @coliver said:

      @JaredBusch said:

      When is ML going to have SSL? There is really not any reason not to do it. Either StartSSL for a 1 year cert of Let's Encrypt.

      Either way, @Minion-Queen , just (make your minions) do it.

      Out of curiosity what is the driver for ML to be encrypted? It isn't highly sensitive data and your password shouldn't be the same as anywhere else. I could understand from a reputation point-of-view but I don't, necessarily, see the technical one.

      The driver for me is to encrypt everything on the internet. Due to the load on something like Netflix.... I give them a pass.... But the rest, just do it.

      1 Reply Last reply Reply Quote 1
      • J
        JaredBusch
        last edited by

        Windows client in the works here
        https://github.com/ebekker/ACMESharp/releases

        1 Reply Last reply Reply Quote 2
        • A
          Alex Sage
          last edited by

          https://gethttpsforfree.com/

          J 1 Reply Last reply Reply Quote 1
          • J
            JaredBusch @Alex Sage
            last edited by

            @anonymous said:

            https://gethttpsforfree.com/

            I don't understand why anyone would use a site like that. Let's Encrypt certificates have to be renewed every 90 days (and the recommend that you do it every 60 in case of errors).

            1 Reply Last reply Reply Quote 0
            • J
              jospoortvliet Vendor
              last edited by

              A big benefit of Letsencrypt is the automation. The automation on a server box was already mentioned, but it goes further than that: you can create a VM or a liveCD or a docker container etc to distribute your server application and use Letsencrypt. Unlike today, you won't have to use a self-signed certificate or let the receiver of the VM add one by hand, you can generate one with Letsencrypt on the fly! That is a game changer for ISV's who want to simplify deployment for small business customers, really.

              We intend to use it in our official ownCloud VM's (for home users and SMB) and it is also super interesting for our collaboration with Western Digital on creating a self hosting device based on a Raspberry Pi 2. And I'm looking forward to getting it on my server - right now, openSUSE isn't supported, I hope they take care of that soon.

              J 1 Reply Last reply Reply Quote 5
              • S
                scottalanmiller
                last edited by

                That's a great perspective!

                1 Reply Last reply Reply Quote 0
                • J
                  JaredBusch @jospoortvliet
                  last edited by

                  @jospoortvliet said:

                  A big benefit of Letsencrypt is the automation. The automation on a server box was already mentioned, but it goes further than that: you can create a VM or a liveCD or a docker container etc to distribute your server application and use Letsencrypt. Unlike today, you won't have to use a self-signed certificate or let the receiver of the VM add one by hand, you can generate one with Letsencrypt on the fly! That is a game changer for ISV's who want to simplify deployment for small business customers, really.

                  We intend to use it in our official ownCloud VM's (for home users and SMB) and it is also super interesting for our collaboration with Western Digital on creating a self hosting device based on a Raspberry Pi 2. And I'm looking forward to getting it on my server - right now, openSUSE isn't supported, I hope they take care of that soon.

                  I understand your concept, but how will you decide on the DNS name to register? and then how will that get "known" to the world?

                  You setup device XYZ and it auto registers with Let's Encrypt with XYZSerial.productdomain.com

                  Do you also have the device connect to a DDNS so it can be accessible? What do you do about the local DNS? Pray the hairpin routing works?

                  1 Reply Last reply Reply Quote 0
                  • D
                    Dashrender
                    last edited by

                    i had that same question - but then I realized that WesternDigital's Personal Cloud devices already do this. When you run their software it does all of this for you, only with security.

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      JaredBusch @Dashrender
                      last edited by

                      @Dashrender said:

                      i had that same question - but then I realized that WesternDigital's Personal Cloud devices already do this. When you run their software it does all of this for you, only with security.

                      I do now t have any of this gear, nor have I ever seen it. So I still have no idea how they make it work.

                      1 Reply Last reply Reply Quote 0
                      • D
                        Dashrender
                        last edited by

                        Aww - the software has the user setup a dynamic DNS account that they get free with purchase. The software walks them through creating the account, then setups up the DNS name for the device and tells the user what it is.

                        Hey user - if you want to connect to your private WD cloud from anywhere in teh world, just type xyz.somedomain.com into a browser and then login with your username and password.

                        once that step is completed on the device, the software could take over setting up a Let's Encrypt cert itself.

                        J 1 Reply Last reply Reply Quote 0
                        • J
                          JaredBusch @Dashrender
                          last edited by

                          @Dashrender said:

                          Aww - the software has the user setup a dynamic DNS account that they get free with purchase. The software walks them through creating the account, then setups up the DNS name for the device and tells the user what it is.

                          Hey user - if you want to connect to your private WD cloud from anywhere in teh world, just type xyz.somedomain.com into a browser and then login with your username and password.

                          once that step is completed on the device, the software could take over setting up a Let's Encrypt cert itself.

                          That will work great for the let's encrypt cert and outside world access. It will not work so well inside the network unless it also works right with the router.

                          1 Reply Last reply Reply Quote 1
                          • A
                            Alex Sage
                            last edited by

                            Let's Encrypt requires that you register an account email and public key before issuing a certificate.

                            Any reason I shouldn't use the same one I already use for SSH?

                            S 1 Reply Last reply Reply Quote 0
                            • S
                              scottalanmiller @Alex Sage
                              last edited by

                              @anonymous said:

                              Let's Encrypt requires that you register an account email and public key before issuing a certificate.

                              Any reason I shouldn't use the same one I already use for SSH?

                              That's fine.

                              1 Reply Last reply Reply Quote 1
                              • J
                                jospoortvliet Vendor
                                last edited by

                                using letsencrypt right now on my home server, btw. Have a cron job set up to update the cert every month or so, with an easy tool: ACME. Simpler than the 'standard' tool from Lets Encrypt, if you ask me. Go check it out at https://github.com/hlandau/acme 😉

                                J travisdh1T 2 Replies Last reply Reply Quote 3
                                • J
                                  JaredBusch @jospoortvliet
                                  last edited by

                                  @jospoortvliet said:

                                  using letsencrypt right now on my home server, btw. Have a cron job set up to update the cert every month or so, with an easy tool: ACME. Simpler than the 'standard' tool from Lets Encrypt, if you ask me. Go check it out at https://github.com/hlandau/acme 😉

                                  I will do that since my servers with LE certs are going to hit the 60 day point next week and should be renewed.

                                  I had not yet gotten around to scripting the renew.

                                  1 Reply Last reply Reply Quote 0
                                  • travisdh1T
                                    travisdh1 @jospoortvliet
                                    last edited by

                                    @jospoortvliet said:

                                    using letsencrypt right now on my home server, btw. Have a cron job set up to update the cert every month or so, with an easy tool: ACME. Simpler than the 'standard' tool from Lets Encrypt, if you ask me. Go check it out at https://github.com/hlandau/acme 😉

                                    I had a good laugh when I spotted the ".travis Try to speed up travis" Apparently I'm slowing things down, tho I do agree that speeding me up would be a good thing 😛

                                    1 Reply Last reply Reply Quote 0
                                    • 1
                                    • 2
                                    • 3
                                    • 3 / 3
                                    • First post
                                      Last post