PSA: LetsEncrypt ending expiration notification emails
-
[email protected]replied to [email protected] last edited by
True. And there's also a ton of devices around which don't trust LetsEncrypt either. There's always edge cases. For example, take a bit older photocopier and it's more than likely that it doesn't trust on anything on this planet anymore and there's no easy way to update CA lists even if the hardware itself is still perfectly functional.
That doesn't mean that your self-signed CA, in itself, would be technically any less secure than the most expensive Verisign certificate you can find. And yes, there's a ton of details and nuances here and there, but I'm not going to go trough every technical detail about how certificates work. I'm not an expert on that field by any stretch even if I do know a thing or two and there's plenty of material online to dig deep into the topic if you want to.
-
[email protected]replied to [email protected] last edited by
emails
\sigh
-
[email protected]replied to [email protected] last edited by
I'm good. LE is far more practical for 99% of use cases, even internally.
-
[email protected]replied to [email protected] last edited by
I think thats the case for most of us. But for some like myself, it does mean I have to do the monitoring myself now. I can't complain it was a free service. But it did warn me about a renewal problem before the cert expired, so it was a useful service for me.
-
[email protected]replied to [email protected] last edited by
Not yelling, but pointing out, to people who also dont math, that if we assume $10 per 10k emails (or $1 per 1k, for simpler math), that’d be $84 for 84000 emails in a month, so you need to add another 0 to the figure (ie 840k emails in a month)
-
[email protected]replied to [email protected] last edited by
Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.
-
[email protected]replied to [email protected] last edited by
So sendgrid checking does 2.5M emails a month for $90/month, and if call them the Cadillac provider. More than that you have to contact sales, so I'm still wondering how it's that expensive to them
-
[email protected]replied to [email protected] last edited by
You could use a reverse proxy to terminate tls, and take the tls off of ad guard itself.
-
[email protected]replied to [email protected] last edited by
TIL Cert Warden is a thing. Looks awesome!
-
[email protected]replied to [email protected] last edited by
How are those devices affected by having no notification anymore? The manual labor exists anyway.
Most network switches and devices have a web gui to switch them out. Those can be automated.
-
[email protected]replied to [email protected] last edited by
I know, but for some reason Adguard can read the fullchain, not privkey. Now it works.
-
[email protected]replied to [email protected] last edited by
Its done for better security
