PSA: LetsEncrypt ending expiration notification emails
-
evkob@lemmy.careplied to Guest 26 days ago last edited by
Let's Encrypt is run by a non-profit (Internet Security Research Group), they list their major sponsors and funders on their website.
-
chewy7324@discuss.tchncs.dereplied to Guest 26 days ago last edited by
Notable mention of Mozilla being a Platinum sponsor.
-
gofsckyourself@lemmy.worldreplied to Guest 26 days ago last edited by
Just needs an API and an export/import feature.
-
sirmaple__@lemmy.worldreplied to Guest 26 days ago last edited by
I manage all my certs using Cert Warden which has a dashboard that displays the expiry date. It does lack alerting, so I use Uptime-kuma to monitor the expiry dates of the certs. So not a big loss for me.
-
isokiero@sopuli.xyzreplied to Guest 26 days ago last edited by
True. And there's also a ton of devices around which don't trust LetsEncrypt either. There's always edge cases. For example, take a bit older photocopier and it's more than likely that it doesn't trust on anything on this planet anymore and there's no easy way to update CA lists even if the hardware itself is still perfectly functional.
That doesn't mean that your self-signed CA, in itself, would be technically any less secure than the most expensive Verisign certificate you can find. And yes, there's a ton of details and nuances here and there, but I'm not going to go trough every technical detail about how certificates work. I'm not an expert on that field by any stretch even if I do know a thing or two and there's plenty of material online to dig deep into the topic if you want to.
-
corsicanguppy@lemmy.careplied to Guest 26 days ago last edited by
emails
\sigh
-
wildbus8979@sh.itjust.worksreplied to Guest 26 days ago last edited by
I'm good. LE is far more practical for 99% of use cases, even internally.
-
superglue@lemmy.dbzer0.comreplied to Guest 25 days ago last edited by
I think thats the case for most of us. But for some like myself, it does mean I have to do the monitoring myself now. I can't complain it was a free service. But it did warn me about a renewal problem before the cert expired, so it was a useful service for me.
-
justcallmelarry@lemmy.dbzer0.comreplied to Guest 25 days ago last edited by
Not yelling, but pointing out, to people who also dont math, that if we assume $10 per 10k emails (or $1 per 1k, for simpler math), that’d be $84 for 84000 emails in a month, so you need to add another 0 to the figure (ie 840k emails in a month)
-
illecors@lemmy.cafereplied to Guest 25 days ago last edited by
Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.
-
scrubbles@poptalk.scrubbles.techreplied to Guest 25 days ago last edited by
So sendgrid checking does 2.5M emails a month for $90/month, and if call them the Cadillac provider. More than that you have to contact sales, so I'm still wondering how it's that expensive to them
-
forbiddenlake@lemmy.worldreplied to Guest 25 days ago last edited by
You could use a reverse proxy to terminate tls, and take the tls off of ad guard itself.
-
lightnegative@lemmy.worldreplied to Guest 25 days ago last edited by
TIL Cert Warden is a thing. Looks awesome!
-
shortn0te@lemmy.mlreplied to Guest 25 days ago last edited by
How are those devices affected by having no notification anymore? The manual labor exists anyway.
Most network switches and devices have a web gui to switch them out. Those can be automated.
-
kokesh@lemmy.worldreplied to Guest 25 days ago last edited by
I know, but for some reason Adguard can read the fullchain, not privkey. Now it works.
-
jagged_circle@feddit.nlreplied to Guest 25 days ago last edited by
Its done for better security
-
_cryptagion@lemmy.dbzer0.comreplied to Guest 24 days ago last edited by
PSA: If you use Cloudflare to proxy, you can get a free decade long certificate and not worry about it for awhile.
-
hash@slrpnk.netreplied to Guest 24 days ago last edited by
Oh, look: the NSA dangling a carrot on a line.
-
_cryptagion@lemmy.dbzer0.comreplied to Guest 24 days ago last edited by
Hey, if you wanna put your home server out there so the first person who gets pissy at you can DDoS you off the net until your ISP decides to cancel your service, that's a perfectly acceptable decision to make for yourself.
-
cupcakezealot@lemmy.blahaj.zonereplied to Guest 24 days ago last edited by
Just use certbot and cron.
45/56