Hi,
On 08/19/2016 03:11 PM, Andreas Meyer wrote:
Certificates from letsencrypt are renewed every three months.
I'm using a Let's Encrypt certificate w/o problems for > 6 months now (three times renewed) for web, SMTP and IMAP. As I'm also using DANE I wrote my own script for also updating the TLSA records. I don't recommend to use the official CertBot client, but use a different one (I use acmetiny; see https://community.letsencrypt.org/t/list-of-client-implementations/2103?u=mr... for a list).
Am 19.08.2016 um 14:40 schrieb Adrian Minta:
The cert doesn't work with old clients.
What do you understand under old?
Ok, Windows XP clients might be problematic regarding SNI and used ciphers, but starting with Vista all clients which use the Windows CryptoAPI and Trust Store are working.
Take Mozilla, there is it supported since Firefox 2.0 (I don't know right now which is the corresponding Thunderbird version, but I expect it to be supported since really early versions).
Java clients are problematic as you need the latest version.
Android works with >= 2.3.6 and iOS iOS >= 3.1.
See https://community.letsencrypt.org/t/which-browsers-and-operating-systems-sup... for a fuller list and feel free to report more working or not working clients, I'll add them there.
MTAs usually don't validate the certificates, so there should be no problem.
-- Best regards, Sven Strickroth PGP key id F5A9D4C4 @ any key-server