|
Spinners TOP S
the French LES
== TOPLESS (under-dressed)
|
|
|
|
|
Yep, that's the end of the spinners (hurrah!) - looking forward to next week's theme ...
Whenever you find yourself on the side of the majority, it is time to pause and reflect. - Mark Twain
|
|
|
|
|
How to get heard over the hubbub in the scrum: [^]
«Where is the Life we have lost in living? Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?» T. S. Elliot
|
|
|
|
|
Seems appropriate. Most of the Scrum meeting sounds like Russian to me anyway...
Anything that is unrelated to elephants is irrelephant Anonymous
- The problem with quotes on the internet is that you can never tell if they're genuine Winston Churchill, 1944
- Never argue with a fool. Onlookers may not be able to tell the difference. Mark Twain
|
|
|
|
|
Johnny J. wrote: Most of the Scrum meeting sounds like Russian to me anyway...
....and the rest like maniacal yodeling.
|
|
|
|
|
конечно
_______________________________________________________________
Ah don't lean on me man, cause you can't afford the ticket
|
|
|
|
|
I'm getting a new Azure VM ready to host several web apps and am to the point of getting an SSL cert for it. It appears that Let's Encrypt requires renewals more frequently than a 'store bought' ssl but that the renewal can be automated. I might be able to live with that.
Anyhow, to the point...anyone here using let's encrypt? Anyone had issues with it? Usually there is a reason things are free...limitations and such. Thanks for any suggestions/thoughts.
<rant>
Edit: 4 hours later after receiving some encouraging reviews and I can't get it working! Using a GUI tool called certify, I got a cert installed easily, but no joy on connecting via https...now giving a dns error. (INET_E_RESOURCE_NOT_FOUND) The certs (I now have 3 from trying different configurations to get it to work) appear to be valid on the server. The bindings appear to be correct as well. IIS 10 on Server 2016 if it matters.
<afterthought>
I'd hate to find out that my ISP's cable modem is blocking 443...probably not, but I'm running out of reasons why this won't work. wte would dns have to do with it...the sites show up fine with http, but not https.
"Go forth into the source" - Neal Morse
modified 7-Jun-19 9:39am.
|
|
|
|
|
|
How did you automate the renewal process? I also have been using LetsEncrypt successfully in both on-prem servers and Azure VMs (dev and test servers). But every 3 months I have to go through the hassle of manually renewing.
Da Bomb
|
|
|
|
|
|
|
I had the same problem at first. You have to select a Azure subscription level that won't shut down the WebJob that does the renewal. If I remember right, when you go to the web job you will probably get a warning about this, and give you the option to update your subscription. Once you do that you should have no more issues with this.
|
|
|
|
|
|
|
I am using Certify The Web and max renewal time span is 60 days. What software do you using?
No more Mister Nice Guy... >: |
|
|
|
|
|
n.podbielski wrote: What software do you using?
I wrote my own service that checks whether the cert needs to be renewed and then launches a wrapper that provides the command line parameters to GitHub - oocx/acme.net: A .net implementation of ACME (Automatic Certificate Management Environment)[^]
In some cases, I embed the check in the web server itself so I don't need a separate service.
[edit] Richard's post on PKISharp is definitely on my list to investigate! [/edit]
Marc
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Marc Clifton wrote: GitHub - oocx/acme.net:
I see this is just a some hobby project.
Marc Clifton wrote: PKISharp
I probably would have to create my own certificate installer for OS and IIS right? For now Let's Encrypt doing this for me
Marc Clifton wrote: Richard's post on PKISharp is definitely on my list to investigate!
Do you have a link?
No more Mister Nice Guy... >: |
|
|
|
|
|
That link to acme.net has a command line option to update IIS. Works quite well.
Perusing the source, it's definitely not a hobby project, imo.
Latest Article - A 4-Stack rPI Cluster with WiFi-Ethernet Bridging
Learning to code with python is like learning to swim with those little arm floaties. It gives you undeserved confidence and will eventually drown you. - DangerBunny
Artificial intelligence is the only remedy for natural stupidity. - CDP1802
|
|
|
|
|
Marc Clifton wrote: Perusing the source, it's definitely not a hobby project, imo.
From github:
Quote: This project is work in progress. It works, but probably still has many bugs and needs more testing.
If you are just looking for a Let's Encrypt client or a more mature project, then you should take a look at these projects:
For me looks like hobby project. I am not saying that it not works. Description from the author sends a signal: 'do not use it at home'
No more Mister Nice Guy... >: |
|
|
|
|
|
|
Have used it on OpenLearning.com (custom NS) with no problem for a while and have a bunch of servers that using it by automation.
If you don't like the hassle on renewal, maybe cheap SSL from Godaddy or Comodo will do.
{My Greatest Challenge Is Me}*
|
|
|
|
|
I use it for a website and it works great.
The auto-renewal feels a bit clunky in Windows but it's not stopped working *yet* - I use the same auto-renewal linked by Richard Deeming above.
|
|
|
|
|
I use it on QNAP NAS, client site (Linux) and personal usage (Windows). And it works without any issues. Auto renewal is awesome. However, you can not get OV or EV certificate from Let's Encrypt.
There can be only one.
|
|
|
|
|
|
I am using it for like a 6 months now. The biggest problem was automation for me (still not working 100%), but this is because of my complex setup (2 servers: Windows VPS and in-house ubuntu machine; severals applications like cloud, webpages, mail etc. all using the same certificate), nothing to do with LE which have broad community, lots of software, is supported out-of-the-box by a lot of Open Source projects and have a lot of guides. The only thing that can be hard to do is updating DNS during certification if you need * certificate and your hosting to do not support any APIs for that. Good thing my is just simple webform so I can do it in like 3 lines of Power Shell code even if I had to spend like a day to figure out how to do it.
No more Mister Nice Guy... >: |
|
|
|
|