Rich Freeman on 15 Jan 2016 05:58:44 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Topic Suggestion: Let's Encrypt


On Fri, Jan 15, 2016 at 8:24 AM, Anthony Martin
<anthony.j.martin142@gmail.com> wrote:
>
> 3: I think we should have a talk that starts at the basics and works its way
> up from there for
> a full 1 hour talk as this is something I personally have wanted to look
> into for awhile but
> have not had the time for side projects recently.
>

Certainly if you added a general overview of how SSL works (the
basics) that would expand the talk to about an hour.

One issue if you want to target this at people who've never set up SSL
is that some of the details tend to be distro-specific, and certainly
software-specific.  Even if you just focused on Apache you'd struggle
to give people a recipe that works for everybody, though if distros
set up letsencrypt fully then it is supposed to be idiot-proof.

However, there are lots of software packages that use certificates
besides apache.  I'm using Letsencrypt certificates now for my domain
and it maintains the certificates/keys/etc in a directory in /etc with
a symlink for the most current version.  The auto-configure stuff will
patch your config files to point to it, but you can also point your
config files there manually.  Once you do that then all you should
need to do to maintain it is renew your certs and then reload/restart
your services.  The main exception I've found is courier-imap which
uses a funky approach storing both the private key and the certificate
in the same file - so I just cat those two files together into a file
just for that service.

In any case, I'll let somebody else offer to take this one first if interested.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug