is a self signed certificate always invalid the first time

Peter West lists at pbw.id.au
Sun Aug 20 12:25:09 EEST 2017


Hi Felix,

I use getssl, which is a bash script, for LE certs.  For certs on one server I use http, for the other DNS.

The DNS method depends on your DNS provider.  Many providers have an API for updating DNS. getssl provides scripts for a small number of popular providers. Acme.sh provides a greater range of DNS provider APIs.

I added my own Linode DNS scripts in preference to those provided by getssl.  Linode’s 15-minute DNS update delay has to be accounted for.

--
Peter West
pbw at pbw.id.au
“My soul magnifies the Lord…”

> On 20 Aug 2017, at 5:20 pm, Felix Zielcke <fzielcke at z-51.de> wrote:
> 
> On Saturday, 19.08.2017 at 21:39 -0400, KT Walrus wrote:
>> 
>> I use DNS verification for LE certs. Much better since generating
>> certs only depends on access to DNS and not your HTTP servers. Cert
>> generation is automatic (on a cron job that runs every night looking
>> for certs that are within 30 days of expiration). Once set up, it is
>> pretty much automatic. I do use Docker to deploy all services for my
>> website which also makes things pretty easy to manage.
>> 
>> Kevin
> 
> Hi Kevin,
> 
> what software do you use for DNS based verification? I read with the
> official certbot from LE it's not possible to do this fully automated.
> Currently I use the http based method, but would like to switch to DNS
> based.
> 
> Greetings
> Felix





More information about the dovecot mailing list