The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,676 other followers

Archive for the ‘Let’s Encrypt (letsencrypt/certbot)’ Category

Keep a Changelog

Posted by jpluimers on 2019/03/20

Lot’s of tips (and translations!) on how to Keep a Changelog [WayBack].

There are lots of useful tips, ranging from content (how to write, what to include) to technicalities (order of entries, unreleased, version numbering, date format) that might seem unimportant but in practice makes using the changelog.

The really cool thing: the site has a changelog of itself showing the best practices.

via:

–jeroen

Posted in Development, Documentation Development, Encryption, Let's Encrypt (letsencrypt/certbot), Security, Software Development | Leave a Comment »

{Updated} Linux server security checklist. #sysadmin 

Posted by jpluimers on 2019/03/11

Most tips are OK, but:

  1. for password related policies, please read these:
  2. If you do DNS, implement DNSSEC
  3. I think ipv6 is OK, but like ipv4 needs to be firewalled
  4. Be really careful with fail2ban and similar tools: they are easy ways to lock yourself out as well, for instance by someone doing a nice (D)DoS on you.

Tips: [WayBack40 Linux Server Hardening Security Tips [2017 edition] – nixCraft

Via:

–jeroen

Posted in *nix, *nix-tools, Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

Installing Let’s Encrypt Free SSL/TLS Certificate in 2 Minutes with Certbot, Spending Hours Making it Work with Cloudflare

Posted by jpluimers on 2019/03/06

If I ever need to get LetsEncrypt to work with CloudFlare, then I need to read [WayBackInstalling Let’s Encrypt Free SSL/TLS Certificate in 2 Minutes with Certbot, Spending Hours Making it Work with Cloudflare

The steps there should save me hours.

Via [WayBcack] Free Let’s Encrypt SSL/TLS certificates are even easier to install than self-signed certificates. I could do so in 2 minutes in my +Linode … – Jean-Luc Aufranc – Google+.

–jeroen

Posted in Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

If parts of your letsencrypt renewals succeed and others give you “urn:acme:error:connection” then just retry

Posted by jpluimers on 2018/12/10

On the same server, part of my letsencrypt renewals worked fine, while others had an error like this:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/spring4d.4delphi.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for spring4d.4delphi.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/spring4d.4delphi.com.conf produced an unexpected error: Failed authorization procedure. spring4d.4delphi.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Error getting validation data. Skipping.
...
 - The following errors were reported by the server:

   Domain: spring4d.4delphi.com
   Type:   connection
   Detail: Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

A retry worked fine:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/spring4d.4delphi.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for spring4d.4delphi.com
Waiting for verification...
Cleaning up challenges
...
The following certs were successfully renewed:
  /etc/letsencrypt/live/spring4d.4delphi.com/fullchain.pem (success)

–jeroen

Posted in Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

Nice thread starting on the current state of CAs promoting OV/EV instead of doing innovation, with many comments on how to properly use LetsEncrypt

Posted by jpluimers on 2018/08/24

[Archive.isThread by @sleevi_: “It’s a real shame that CAs have gotten so high off their own supply, that they’ve become blind to the real problems they cause by p… – Kristian Köhntopp – Google+

On CAs: [Archive.is] Thread by @sleevi_: “It’s a real shame that CAs have gotten so high off their own supply, that they’ve become blind to the real problems they cause by promoting OV/EV. It’s almost as if they believe that 1988 had all the solutions, and we’ve been declining since then. Example: Let’s say we accept that organizational identity is a valuable component. Coupling it to TLS is terrible, because it encourages all the bad practices we see – such as making it hard to obtain or automate certificates, discouraging key rotation, extending cert lifetime […]”

–jeroen

Twitter thread:

 

Posted in Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »

 
%d bloggers like this: