2019-04-13 09:22:34
thanks. i will ask you guys if i get stuck.
fydel
2019-04-13 14:55:26
i think it worked.
fydel
2019-04-13 15:27:02
yes, but http does not force you onto https yet
Rotonen
2019-04-13 15:30:36
https://www.ssllabs.com/ssltest/analyze.html?d=snowblossom.hamster.science&hideResults=on
Rotonen
2019-04-13 15:30:45
TLS config looks good too
Rotonen
2019-04-13 15:31:11
a good idea to run that quarterly to see if anything bumps you down to C
Rotonen
2019-04-13 15:31:30
for practical purposes, B and up is good enough
Rotonen
2019-04-13 15:32:12
i guess you use some configuration wizard, probably the letsencrypt client from the distro repos
Rotonen
2019-04-13 15:58:31
thanks.
fydel
2019-04-13 15:58:35
yes i do.
fydel
2019-04-13 15:59:39
okay.
fydel
2019-04-13 16:08:22
then you do not need to worry about keeping up with nuances and obscuria
Rotonen
2019-04-13 16:08:33
yay!!
fydel
2019-04-13 16:08:52
letsencrypt has a paid team of engineering staff and their autopilot keeps your config sane
Rotonen
2019-04-13 16:09:11
just make sure you have it in a crontab
Rotonen
2019-04-13 16:09:45
dunno if that adds itself, actually, but worth double checking
Rotonen
2019-04-13 16:09:58
the LE certs are 90 day DV certs
Rotonen
2019-04-13 16:10:16
and 90 days rolls over surprisingly quick
Rotonen
2019-04-13 16:10:34
okay. thanks for the info.
fydel
2019-04-13 16:12:39
i use this one, but i like single purpose tools and staying on top of the whole stack is a thing for me - posting that in case someone else like-minded is seeking an ACME client (there are also valid single purpose rust and go clients for those so inclined)
https://github.com/zenhack/simp_le Simple Let's Encrypt client
Rotonen
2019-04-13 16:54:01
relatedly mozilla has a nice tool they keep up to date
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Rotonen
2019-04-13 16:55:01
i guess it is time for me to drop TLSv1.1 at this point
Rotonen