is a self signed certificate always invalid the first time

Stephan von Krawczynski skraw at ithnet.com
Fri Aug 18 11:05:30 EEST 2017


On Fri, 18 Aug 2017 00:24:39 -0700 (PDT)
Joseph Tam <jtam.home at gmail.com> wrote:

> Michael Felt <michael at felt.demon.nl> writes:
> 
> >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is
> >> written in pure shell script, so no python dependencies.
> >> https://github.com/Neilpang/acme.sh  
> >
> > Thanks - I might look at that, but as Ralph mentions in his reply -
> > Let's Encrypt certs are only for three months - never-ending circus.
> 
> I wouldn't characterize it as a circus.  Once you bootstrap your first
> certificate and install the cert-renew cron script, it's not something
> you have to pay a lot of attention to.  I have a few LE certs in use,
> and I don't think about it anymore: it just works.
> 
> The shorter cert lifetime also helps limit damage if your certificate
> gets compromised.
> 
> Joseph Tam <jtam.home at gmail.com>

Obviously you do not use clustered environments with more than one node per
service.
Else you would not call it "it just works", because in fact the renewal is
quite big bs as one node must do the job while all the others must be
_offline_.

-- 
Regards,
Stephan


More information about the dovecot mailing list