September 21 2016 Wednesday
Switched to Let’s Encrypt for the blog SSL certificate
I had switched the blog to SSL a while back (mainly due to Google threatening that non-SSL website will take a hit in searches). At the time Let's Encrypt (the free, yes free, CA SSL issuer) was just getting started and didn't have roots published to most of the browser root stores. Because of this I went with free certificate available from Start SSL. I'm not disappointed with StartSSL, it's just time to try something else when the StartSSL certificate expired. In fact if you need anything SSL related I'd suggest you give StartSSL a look, they have lots of options are very reasonable on prices.
Still this blog doesn't need EV or anything like that so Let's Encrypt it is. While this blog runs on a Domino server it is fronted by a CentOS server running nginx. These servers are located at Prominic and a quick support request had the required Linux pre-reqs installed on the nginx server.
From there it took maybe 10 minutes to create and install the SSL.
I could outline the steps here, but really, I just followed this:
http://idroot.net/tutorials/how-to-install-letsencrypt-ssl-with-nginx-on-centos-6/
And then used this for the crontab stuff:
https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
Still this blog doesn't need EV or anything like that so Let's Encrypt it is. While this blog runs on a Domino server it is fronted by a CentOS server running nginx. These servers are located at Prominic and a quick support request had the required Linux pre-reqs installed on the nginx server.
From there it took maybe 10 minutes to create and install the SSL.
I could outline the steps here, but really, I just followed this:
http://idroot.net/tutorials/how-to-install-letsencrypt-ssl-with-nginx-on-centos-6/
And then used this for the crontab stuff:
https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
Darren Duke
|
September 21 2016 10:55:20 AM
|
ssl security letsencrypt
|
