Category: PKI

Let’s encrypt has become easier – avoid re-validation by rolling over within 60 days and avoid web server acme certificate protocol permission issues

Posted onLeave a comment

The latest certbot-auto tool comes with a new feature (or I must have missed it 3 months ago) that spawns up a temporary web server on port 443.  This is a huge improvement IMHO as it avoids the permissions hassle you can have on a security-hardened web server installation (be it Apache, IIS, Nginx, …).  The Read More …

Let’s encrypt caveats

Posted onLeave a comment

Following the instructions at https://certbot.eff.org/#ubuntuxenial-apache  didn’t do it for me.   With Apache, it’s always tricky.  I’m currently using a bitnami WordPress EC2 instance, so I had to figure out the certbot stuff. It was actually not that hard.  As with many command line tools, everything starts with reading the documentation 🙂 The certonly option does the trick!  Always. Read More …