[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] [GANDI] Expiration of the certificate SSL Standard (mirage.io) in 29 days

  • To: Hannes Mehnert <hannes@xxxxxxxxxxx>
  • From: Anil Madhavapeddy <anil@xxxxxxxxxx>
  • Date: Thu, 5 May 2016 14:23:34 +0100
  • Cc: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 05 May 2016 13:23:46 +0000
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=recoil.org; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=D5njFgcCspwfet0sjQv2ZraToxOGnV8hK2g4HiQ0QQLQ5HsJk0l f9f0GYHWdeLoVNQ7ozjxP6IXVpwoSljXg4khCVdiPsALIUz42v2p87ItMSsiLub8 eFJHboukCuohXQ6CvI/knmW7UiiejkW8+p+wYtOKwGnZbVZj7vinpYfc=
  • List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

> On 17 Apr 2016, at 22:08, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:
> On 17/04/2016 22:06, Anil Madhavapeddy wrote:
>> We have a paid-for certificate at the moment for mirage.io, and I was 
>> considering switching to letsencrypt instead.  Any objections/thoughts on 
>> this?  It may have some compatibility issues on older browsers, but aside 
>> from that seems like a fine choice worth supporting.
> I'd go for let's encrypt (and use it on https://hannes.nqsb.io).  This
> whole business of paying money for certificates has to end.  There is,
> next to the official python client one implemented in sh (calling out to
> openssl etc.), which works fine
> (https://github.com/lukas2511/letsencrypt.sh/)

(notes on this up on Canopy at http://canopy.mirage.io/Wiki/Letsencrypt)

The shell script version is amazingly easy to use!  I just did:

$ git clone https://github.com/lukas2511/letsencrypt.sh
$ cd letsencrypt.sh
$ git clone https://github.com/bennettp123/letsencrypt.sh-email-notify-hook 
$ ./letsencrypt.sh --cron --domain mirage.io --challenge dns-01 --hook 
# !! WARNING !! No main config file found, using default config!
+ Generating account key...
+ Registering account key with letsencrypt...
Processing mirage.io
 + Signing domains...
 + Creating new directory /home/avsm/letsencrypt/letsencrypt.sh/certs/mirage.io 
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for mirage.io...
 + Settling down for 10s...
 + DNS not propagated. Waiting 30s for record creation and replication...
 + DNS not propagated. Waiting 30s for record creation and replication...
 + DNS not propagated. Waiting 30s for record creation and replication...
 + Responding to challenge for mirage.io...
 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!

The result is live on mirage.io:


MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.