Free SSL/TLS Certificate Authority
- Thread starter Lost
- Start date
eva2000
Well-known member
yeah i should change that to nginx only reload
EDIT: updated to use nginx reload and added error and email notifications for failed auto renewals https://community.centminmod.com/posts/20800/
Last edited:
Jesepi
Well-known member
Sorry if my sarcasm detector is broken - but if not...
I wonder why? Surely it can't be due to the fact that it is a dead operating system that had support for over 12 years before Microsoft pulled the plug! I understand legacy applications exist in many environments, but continuing to navigate on the internet using Windows XP is an absolutely AWFUL idea.
If you have to do this you should be using firefox as your browser, as I believe it has its own SSL system built in that may allow the use of letsencrypt as a CA.
If you don't want to pay for a new OS, look into something like http://linuxmint.com or http://www.ubuntu.com/desktop
eva2000
Well-known member
or ask all those WinXP users to switch to Firefox as it has it's own internal SSL implementation so doesn't rely on WinXP systems one
I hope I can contact them?or ask all those WinXP users to switch to Firefox as it has it's own internal SSL implementation so doesn't rely on WinXP systems one
What if they are guest user's .I will still support XP until GA reports 5% below usage.
rainmotorsports
Well-known member
That's cool except for the 90 day renewals making using the automatic client a little more tasty.
Kintaro
Well-known member
cronjobs?
rainmotorsports
Well-known member
Cron job to manually reissue certificates when you can just do it automatically? Not sure where the logic lies.cronjobs?
Kintaro
Well-known member
Maybe I miss something... I see everyone launching the client by cron to auto renew... what's wrong with that?
rainmotorsports
Well-known member
I guess you missed that I was commenting on the post suggesting it was now easier since you can manually get a certificate through that third party website.
An fyi, but it is possible that wosign is going to get a large number of certs blacklisted due to a complete lack of security in their SSL cert issue system.
http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
Yikes!
http://www.percya.com/2016/08/chinese-ca-wosign-faces-revocation.html
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
Yikes!
Last edited:
Anthony Parsons
Well-known member
If you use WHM, then you have free SSL via autoSSL, and if you use Cloudflare as your DNS, then you have like 15 year free TLS at a time, so no renewals every year or two.
Fred.
Well-known member
I also have a Certficate from Startcom,
It's valid for one more year. Is it going to work for one more year or is Firefox going to block my certificate in a few months?
I will not renew with Startcom but can I use the certificate for one more year without problems?
That's not really clear to me...
It's valid for one more year. Is it going to work for one more year or is Firefox going to block my certificate in a few months?
I will not renew with Startcom but can I use the certificate for one more year without problems?
That's not really clear to me...
Assuming wosign/startcom aren't caught backdating certs you should be fine. If they are, Mozilla/Firefox plan to de-trust the entire CA chain.
Similar threads
