TLS with Let’s Encrypt

From now on I am using TLS certificates from Let’s Encrypt for all my services (web, e-mail, XMPP, etc.).

This is not a classic certification authority (CA) but an initiative that was originally founded by Mozilla, the EFF and the University of Michigan and is now provided by the Internet Security Research Group (ISRG). The goal of Let’s Encrypt is to provide encryption everywhere by offering the required certificates for free. Since April 2016 Let’s Encrypt has no longer been in beta and is officially in operation.

To use Let’s Encrypt, a client is required that renews the certificates regularly via the “ACME” protocol, as the certificates are only valid for three months. For this I use the shell script getssl, which makes it very easy to automate the process. A cron job runs this script once a day to check the age of the certificates and renew them. It also tells the affected services to reload their configuration, or restarts them if required.
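A daily renewal job can fail silently, or renew the file on disk without the service reloading it, so it is worth checking the certificate each service actually serves. The following is an added example, not part of the original post or of getssl: it classifies certificates by remaining validity, taking dicts shaped like Python's `SSLSocket.getpeercert()` output. The 30-day renewal window, the 3-day grace period, the service names and the dates are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # assumption: client renews once < 30 days remain
GRACE = timedelta(days=3)          # assumption: tolerated run of failed daily jobs


def days_left(cert, now):
    """Whole days of validity left for a dict shaped like SSLSocket.getpeercert()."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    expires = datetime.fromtimestamp(not_after, tz=timezone.utc)
    return (expires - now).days  # negative once the certificate has expired


def renewal_state(cert, now):
    """Classify one served certificate against the renewal schedule."""
    remaining = days_left(cert, now)
    if remaining < 0:
        return "expired"
    if remaining < (RENEW_WINDOW - GRACE).days:
        # The daily job should have replaced this certificate days ago.
        return "renewal-overdue"
    if remaining < RENEW_WINDOW.days:
        return "renewal-due"
    return "ok"


def needs_attention(served, now):
    """Return only the services whose renewal or reload evidently failed."""
    states = {name: renewal_state(cert, now) for name, cert in served.items()}
    return {n: s for n, s in states.items() if s in ("expired", "renewal-overdue")}


# Constructed sample data: what four services presented on 1 June 2016.
SAMPLE_NOW = datetime(2016, 6, 1, tzinfo=timezone.utc)
SAMPLE_SERVED = {
    "web:443": {"notAfter": "Aug 20 00:00:00 2016 GMT"},
    "smtp:465": {"notAfter": "Jun 29 12:00:00 2016 GMT"},
    "xmpp:5223": {"notAfter": "Jun 10 00:00:00 2016 GMT"},
    "imap:993": {"notAfter": "May 30 00:00:00 2016 GMT"},
}

if __name__ == "__main__":
    for name, state in needs_attention(SAMPLE_SERVED, SAMPLE_NOW).items():
        print(f"{name}: {state}")
```

In practice the dicts would come from a TLS connection to each service, so the check covers a missed reload as well as a failed renewal.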
