Free SSL/TLS Certificate Authority
- Thread starter Lost
- Start date
eva2000
Well-known member
been playing with Letsencrypt client integration into CentminMod.com for a while now https://community.centminmod.com/th...tes-with-web-root-authentication-method.4635/ for latest Centmin Mod .09 beta 
rafass
Well-known member
What's the difference between this certificates? Which one is better?
Well, WoSign's intermediate certificate is signed with SHA1, which is weak. Probably to keep compatibility with outdated Windows XP installs (which are common in China).
Funny enough, their intermediate certificate is signed by StartCom, another CA that offers free certificates. However, StartCom charges for revocation of their free certificates for any reason, including after HeartBleed. The WooSign website also uses a common DH prime, making any forward secrecy there useless.
They still offer SHA2 certificates and their website setup won't affect your own, so it's not that bad.
Still, Let's Encrypt is signed with SHA256, and their website's HTTPS is setup a little better. Their biggest advantage, though, is the automated client that takes care of creating a CSR, validating it, and adding it to your Apache/nginx configuration automatically. They're aiming to be "the" free certificate authority.
All in all, Let's Encrypt seems to be the way forward.
Funny enough, their intermediate certificate is signed by StartCom, another CA that offers free certificates. However, StartCom charges for revocation of their free certificates for any reason, including after HeartBleed. The WooSign website also uses a common DH prime, making any forward secrecy there useless.
They still offer SHA2 certificates and their website setup won't affect your own, so it's not that bad.
Still, Let's Encrypt is signed with SHA256, and their website's HTTPS is setup a little better. Their biggest advantage, though, is the automated client that takes care of creating a CSR, validating it, and adding it to your Apache/nginx configuration automatically. They're aiming to be "the" free certificate authority.
All in all, Let's Encrypt seems to be the way forward.
Last edited:
Lost
Well-known member
I received my beta invite earlier today as well.
TPerry
Well-known member
90 day lifetimes? Unless you can fully automate it I can see it becoming somewhat of a hassle.
rainmotorsports
Well-known member
It supposed to be fully automated lol
TPerry
Well-known member
Really? It installs itself in my nginx vhost automatically before expiration?
rainmotorsports
Well-known member
Really? It installs itself in my nginx vhost automatically before expiration?
Hey if their tools don't fit your situation that sucks. But the entire idea was automatic server side renewal and thats why 90 days were an acceptable time for them.
rainmotorsports
Well-known member
Cool. I had not yet actually looked at it but I am looking forward to the public launch. I actually let my personal site go for 30 days just to not have to pay for another cert lol.
eva2000
Well-known member
well Centmin Mod's Nginx Letsencrypt integration will get your LE ssl certificate and auto renew for you every 60 days http://centminmod.com/letsencrypt-freessl.html - work in progress https://community.centminmod.com/th...tes-with-web-root-authentication-method.4635/Really? It installs itself in my nginx vhost automatically before expiration?
TPerry
Well-known member
Heck, I've got a valid one for one of my sites for the next 3 years - but I took it offline. Some of the media BBcode embeds are only via HTTP.
Not really some, but most of the media site
.
TPerry
Well-known member
Of the 4 that I created that were specific to the niche of that forum, 2 of them were SSL users and 2 weren't.Not really some, but most of the media site
Kintaro
Well-known member
TPerry
Well-known member
eva2000
Well-known member
Centmin Mod Nginx auto renewal of Letsencrypt SSL certificate via cronjob file http://centminmod.com/letsencrypt-freessl.html#autorenew
Similar threads
- Question
- Question
