2019-04-14 11:13:07
i am using certbot. added cronjob for it to run daily.
fydel
2019-04-14 11:13:34
but i also make a reminder in my calendar. :wink:
fydel
2019-04-14 11:13:54
all links within the page are https now, too.
fydel
2019-04-14 11:14:14
maybe i should enforce https now.
fydel
2019-04-14 11:28:23
weekly is often enough
Rotonen
2019-04-14 11:29:43
IIRC it only does anything, if the cert has less than 30d lifetime left
Rotonen
2019-04-14 11:38:33
okay.
fydel
2019-04-14 11:38:36
good.
fydel
2019-04-14 12:12:52
enforced. no more http now.
https has easier than i expected.
fydel
2019-04-14 12:13:07
i hope all my scripts still work.
fydel
2019-04-14 13:16:13
it is indeed not that hard on a single one off server, it is quite tricky in a bigger org with centralized management and tiered PKI
Rotonen
2019-04-14 14:48:30
adding HSTS headers is the next low hanging fruit for you
Rotonen
2019-04-14 16:40:36
to whomever may concern: i've dropped support for TLSv1.1 across all of my services
Rotonen