- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
I think it’s a good idea, everyone should be automating this anyway.
I think it’s a good idea, everyone should be automating this anyway.
I just wish I wouldn’t have to renew certs so often.
You’re not supposed to do it manually.
Tell that to all the embedded device manufacturers… switches, appliances, nas, etc.
There’s a whole load of things that will have a massive administrative burden if the frequency is dropped.
Skill issue.
My server does it automatically, but I have few services I can’t make to read the certs from server storage, so I have to manually copy cert content. Especially Adguard Home for some reason refuses to read my certs.
Have the same problem. But symlinks or copying them via cron solved it for me.
Yes! yes | cp -Lrf /etc/letsencrypt/live/…domain…/*.pem /var/snap/adguard-home/current
You could use a reverse proxy to terminate tls, and take the tls off of ad guard itself.
If Apple gets their way, you’ll be renewing every month:
https://certera.com/blog/apples-proposal-to-shorten-ssl-tls-certificate-lifespans-to-45-days-by-2027/
Fuck Apple and Microshit
Its done for better security
Have you tried to automate it?
Fullchain.pem works. Privkey doesn’t. I’ve tried chmod 777 (yes, I know, just testing) and still can’t access the file.
Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.
I know, but for some reason Adguard can read the fullchain, not privkey. Now it works.