Oh, I forgot: letsencrypt also does not like it when you ask about their IP ranges and when you redirect DNS of the amazon cloud to different zone files. So basically when you use letsencrypt, you automatically have to open up your webserver (unless you alter your environment on renewals) to amazon abuse. I told these guys from zerossl about this and that they should use a dedicated range to fall back on, and I think they did, because I don't have timeouts any more because of blocked ranges. These people of zerossl have brains; if you tell them how they can make something better, they consider it and apply these changes.
-----Original Message-----
From: Marc
Sent: Thursday, 23 January 2025 09:35
To: 'Benny Pedersen' <me@junc.eu>; dovecot@dovecot.org
Subject: RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error anywhere
I have had 0 issues in 2-3 years. Besides, what can be the issues with some shell scripting? Better than having some code running as root.
I guess you see issues here, because if you ask at letsencrypt who you can sue if they issue a false certificate, why they are not hosting in Europe, why they run as root, you get blocked.
-----Original Message-----
From: Benny Pedersen via dovecot <dovecot@dovecot.org>
Sent: Thursday, 23 January 2025 09:27
To: dovecot@dovecot.org
Subject: Re: Fwd: Fwd: [OFFLIST] Re: connection refused, no error anywhere
Marc via dovecot wrote on 2025-01-23 09:21:
dovecot starts as root, and drops privileges later, so group it non rooted is a security problem on its own :)
certbot creates letsencrypt pem files owned by root and grouped root, only the private key can't be read by other users than root
wtf letsencrypt still requires root?? What an amateur club there. I am using this, without root, then you can easily switch to zerossl. https://github.com/acmesh-official/acme.sh
1k issues? How is this better?