The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
I use both in Azure and in hosted on-site websites with no problems.
The biggest issue in Azure is getting the renewal automated, which requires that your website has a service level of "always on" to run the renewal web job when necessary.
How did you automate the renewal process? I also have been using LetsEncrypt successfully in both on-prem servers and Azure VMs (dev and test servers). But every 3 months I have to go through the hassle of manually renewing.
I had the same problem at first. You have to select a Azure subscription level that won't shut down the WebJob that does the renewal. If I remember right, when you go to the web job you will probably get a warning about this, and give you the option to update your subscription. Once you do that you should have no more issues with this.
Perusing the source, it's definitely not a hobby project, imo.
This project is work in progress. It works, but probably still has many bugs and needs more testing.
If you are just looking for a Let's Encrypt client or a more mature project, then you should take a look at these projects:
For me looks like hobby project. I am not saying that it not works. Description from the author sends a signal: 'do not use it at home'
Thanks for the link for Self-Hosting. I used another GUI (certify) and everything seemed to go well...the cert shows active with 89 days, the .well-known folder was created, the tests all passed, the certs show up in IIS, bindings seem to be good....still not getting websites to work with https.
What I've done:
0: verified that my ISP is not blocking incoming on 443.
1: Added a port forwarding rule in my home/office router for 443 to the server's internal IP.
2: Tried various binding configurations in IIS.
3: Stopped and restarted the webserver via IIS after changes.
4: Checked my DNS/routing records at the domain registrar...doesn't seem to be anything I need to change here.
5: Googled for most of yesterday and this morning looking for some obvious stupid thing that I have overlooked.
6: Tried using tracert, but it won't work with a protocol in the hostname
All I'm getting when I try to access anything using https is 'can't reach this page...temporary dns error...error code (INET_E_RESOURCE_NOT_FOUND)'.
On a lighter note, I agree wholeheartedly with the idea of self-hosting and have been doing it for my small company for over 15 years.
I am using it for like a 6 months now. The biggest problem was automation for me (still not working 100%), but this is because of my complex setup (2 servers: Windows VPS and in-house ubuntu machine; severals applications like cloud, webpages, mail etc. all using the same certificate), nothing to do with LE which have broad community, lots of software, is supported out-of-the-box by a lot of Open Source projects and have a lot of guides. The only thing that can be hard to do is updating DNS during certification if you need * certificate and your hosting to do not support any APIs for that. Good thing my is just simple webform so I can do it in like 3 lines of Power Shell code even if I had to spend like a day to figure out how to do it.
Yes, it's open and safe. The 3 month renewal requirement is actually a security feature. This makes your service less susceptible to vulnerabilities as you will get patched certificates more often than regular long lived certificates. I have seen my fair share of security vulnerabilities being disclosed that affect some of these long lived certificates generated by paid CA's. So prefer short lived certificates so you don't actually have to rely on not missing any news to ensure your services are protected.
Anyone had issues with it?
Yes, when I first started I didn't get automation right. It solves itself once you get to know what you're doing.
Usually there is a reason things are free...limitations and such
But by being free it means it gets used a lot with a limited amount of budget. The main limitation is that you can only generate 50 certificates per week for a given top level domain. Which in my experience is more than enough for most use cases. See here for more details: Rate Limits - Let's Encrypt - Free SSL/TLS Certificates
To alcohol! The cause of, and solution to, all of life's problems - Homer Simpson
Our heads are round so our thoughts can change direction - Francis Picabia
I use it for 2 sites hosted on a commercial ISP. Unfortunately, the ISP does not support autorenewal (they want you to buy certificates from their provider), but the process of updating the certificates (using certbot-auto on a Debian VM) every 2.5 months takes about half an hour of my time from start to finish, and the cost/benefit versus paying for commercial ones seems worthwhile. I have not encountered any issues.
I use Let's Encrypt on my hosted sites, which run on shared Windows hosts under Plesk. No problems with the certificate per se, but Plesk's renewal process is a pain. It seems to involve installing files on a specific sub-folder and verifying those files by making a non-encrypted http request. This is a pain as the sites are configured to auto-redirect any insecure requests to the https: protocol, so these verification requests fail (as they don't accept a redirect as a valid response). To complicate matters further, many of my sites require authentication on all pages (apart from the login form) so again the verification request fails. I can get around this by explicitly removing authentication for the relevant subfolder, but the automatic redirect to https is more of a pain and I'm finding I have to manually disable this temporarily, manually issue a renew request, then reinstate the redirect. I suspect this is more of a Plesk issue than LetsEncrypt, but it all adds to the hassle.
That said, I have some sites that now run on https that I probably wouldn't have bothered with had I had to buy SSL certs (they're hobby sites essentially).
Thanks for the response! I've spent several hours trying to get https to work on an in-house web server that hosts our secondary website and multiple customer web applications. It still doesn't work.
I was trying it (let's encrypt) out locally before I put it on a new Azure VM that will most likely take over most of the customer web apps. Anyhow, I decided to try a different ACME tool on the new server and in < 10 minutes, had it working! My goal was to have the new server ready by Monday so it's mission accomplished! I suppose I'll find out about renewal issues in a few months.
I've been running my company's secondary website and customer web apps without a cert for around 15 years. Nobody ever complained until chrome started showing the 'Not secure' tag...I think they have plans to make that tag more prominent in future versions. At any rate, I am grateful to the open source community and especially let's encrypt for providing this solutions for free ssl.