[u-u] Expired SSL certificate
Giles Orr
gilesorr at gmail.com
Wed Jan 6 09:22:24 EST 2016
On 30 December 2015 at 21:03, Giles Orr <gilesorr at gmail.com> wrote:
> On 30 December 2015 at 18:12, Alan J Rosenthal <flaps at 56789.ca> wrote:
>>>Free auto-generated certificates valid for 90 days (meant to be
>>>auto-renewed on a cron job):
>>>
>>>https://letsencrypt.org/
>>
>> Also note https://github.com/diafygi/acme-tiny
>>
>>>Technically rather hairy if you don't want their script to have root
>>>access to your machine,
>>
>> Root access is not automatically required to write to the SSL-related
>> files -- just create a new uid for that purpose and have the files owned by
>> this new user, then allow it to do "sudo apache2ctl graceful" or analogous.
>
> It looked more complex than that to me ... but I haven't worked my way
> through all the details yet (I'm having to learn about certificates
> and signing authorities simultaneously).
>
> Now I'm confused though: same guy ("diafygi") also maintains
> "letsencrypt-nosudo" which I was working with:
> https://github.com/diafygi/letsencrypt-nosudo . He seems to be
> working on both (it and acme-tiny) simultaneously, and they're quite
> similar.
Thanks for pointing out acme-tiny: I found it much easier to use. It
will also work with a non-privileged account.
--
Giles
http://www.gilesorr.com/
gilesorr at gmail.com
More information about the u-u
mailing list