2019-04-13 09:22:34
thanks. i will ask you guys if i get stuck.

fydel
2019-04-13 14:55:26
i think it worked.

fydel
2019-04-13 15:27:02
yes, but http does not force you onto https yet

Rotonen
2019-04-13 15:30:36
https://www.ssllabs.com/ssltest/analyze.html?d=snowblossom.hamster.science&hideResults=on

Rotonen
2019-04-13 15:30:45
TLS config looks good too

Rotonen
2019-04-13 15:31:11
a good idea to run that quarterly to see if anything bumps you down to C

Rotonen
2019-04-13 15:31:30
for practical purposes, B and up is good enough

Rotonen
2019-04-13 15:32:12
i guess you use some configuration wizard, probably the letsencrypt client from the distro repos

Rotonen
2019-04-13 15:58:31
thanks.

fydel
2019-04-13 15:58:35
yes i do.

fydel
2019-04-13 15:59:39
okay.

fydel
2019-04-13 16:08:22
then you do not need to worry about keeping up with nuances and obscuria

Rotonen
2019-04-13 16:08:33
yay!!

fydel
2019-04-13 16:08:52
letsencrypt has a paid team of engineering staff and their autopilot keeps your config sane

Rotonen
2019-04-13 16:09:11
just make sure you have it in a crontab

Rotonen
2019-04-13 16:09:45
dunno if that adds itself, actually, but worth double checking

Rotonen
2019-04-13 16:09:58
the LE certs are 90 day DV certs

Rotonen
2019-04-13 16:10:16
and 90 days rolls over surprisingly quick

Rotonen
2019-04-13 16:10:34
okay. thanks for the info.

fydel
2019-04-13 16:12:39
i use this one, but i like single-purpose tools and staying on top of the whole stack is a thing for me - posting that in case someone else like-minded is seeking an ACME client (there are also valid single-purpose Rust and Go clients for those so inclined)
https://github.com/zenhack/simp_le Simple Let's Encrypt client

Rotonen
2019-04-13 16:54:01
relatedly mozilla has a nice tool they keep up to date
https://mozilla.github.io/server-side-tls/ssl-config-generator/

Rotonen
2019-04-13 16:55:01
i guess it is time for me to drop TLSv1.1 at this point

Rotonen