Comment on Decreasing Certificate Lifetimes to 45 Days
non_burglar@lemmy.world 18 hours agoAre you not using LE certbot to handle renewals? I can’t even imagine doing this manually.
Comment on Decreasing Certificate Lifetimes to 45 Days
non_burglar@lemmy.world 18 hours agoAre you not using LE certbot to handle renewals? I can’t even imagine doing this manually.
Passerby6497@lemmy.world 18 hours ago
Personally, yes. Everything is behind NPM and SSL cert management is handled by certbot.
Professionally? LOL NO. Shit is manual and usually regulated to overnight staff. Been working on getting to the point it is automated though, but too many bespoke apps for anyone to have cared enough to automate the process before me.
Zanathos@lemmy.world 6 hours ago
I’m in the same boat here. I keep sounding the alarm and am making moves so that MY systems won’t be impacted, but it’s not holding water with the other people I work with and the systems they manage. I’m torn between manual intervention to get it started or just letting them deal with it themselves once we hit 45 day renewal periods.
LordKitsuna@lemmy.world 6 hours ago
Can you not just setup an nginx reverse proxy at the network edge to handle the ssl for the domain(s) and not have to worry about the app itself being setup for it? That’s how I’ve always managed all software personal or professional
Zanathos@lemmy.world 3 hours ago
Unfortunately some apps require the certificate be bound to the internal application, and need to be done so through cli or other methods not easily automated. We could front load over reverse proxy but we would still need to take the proxy cert and bind to the internal service for communication to work properly. Thankfully that’s for my other team to figure out as I already have a migration plan for systems I manage.
groet@feddit.org 10 hours ago
One reason for the short certs is to push faster adoption of new technology. Yes that’s about new cryptography in the certs but if you still change all your certs by hand maybe you need to be forced …