Xen project Mailing List

Re: [MirageOS-devel] [GANDI] Expiration of the certificate SSL Standard (mirage.io) in 29 days

From: Anil Madhavapeddy <anil@xxxxxxxxxx>

Date: Thu, 5 May 2016 14:23:34 +0100

Delivery-date: Thu, 05 May 2016 13:23:46 +0000

Domainkey-signature: a=rsa-sha1; c=nofws; d=recoil.org; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; q=dns; s= selector1; b=D5njFgcCspwfet0sjQv2ZraToxOGnV8hK2g4HiQ0QQLQ5HsJk0l f9f0GYHWdeLoVNQ7ozjxP6IXVpwoSljXg4khCVdiPsALIUz42v2p87ItMSsiLub8 eFJHboukCuohXQ6CvI/knmW7UiiejkW8+p+wYtOKwGnZbVZj7vinpYfc=

List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

> On 17 Apr 2016, at 22:08, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote: > On 17/04/2016 22:06, Anil Madhavapeddy wrote: >> We have a paid-for certificate at the moment for mirage.io, and I was >> considering switching to letsencrypt instead. Any objections/thoughts on >> this? It may have some compatibility issues on older browsers, but aside >> from that seems like a fine choice worth supporting. > > I'd go for let's encrypt (and use it on https://hannes.nqsb.io). This > whole business of paying money for certificates has to end. There is, > next to the official python client one implemented in sh (calling out to > openssl etc.), which works fine > (https://github.com/lukas2511/letsencrypt.sh/) (notes on this up on Canopy at http://canopy.mirage.io/Wiki/Letsencrypt) The shell script version is amazingly easy to use! I just did: $ git clone https://github.com/lukas2511/letsencrypt.sh $ cd letsencrypt.sh $ git clone https://github.com/bennettp123/letsencrypt.sh-email-notify-hook hooks/email-notify $ ./letsencrypt.sh --cron --domain mirage.io --challenge dns-01 --hook 'hooks/email-notify/hook.sh' # # !! WARNING !! No main config file found, using default config! # + Generating account key... + Registering account key with letsencrypt... Processing mirage.io + Signing domains... + Creating new directory /home/avsm/letsencrypt/letsencrypt.sh/certs/mirage.io ... + Generating private key... + Generating signing request... + Requesting challenge for mirage.io... + Settling down for 10s... + DNS not propagated. Waiting 30s for record creation and replication... + DNS not propagated. Waiting 30s for record creation and replication... + DNS not propagated. Waiting 30s for record creation and replication... + Responding to challenge for mirage.io... + Challenge is valid! + Requesting certificate... + Checking certificate... + Done! + Creating fullchain.pem... + Done! The result is live on mirage.io: https://www.ssllabs.com/ssltest/analyze.html?d=mirage.io cheers Anil _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.