Let's not encrypt

From: CHYRON (DSMITHHFX)23 Sep 12:57
To: ALL1 of 12
From: CHYRON (DSMITHHFX)23 Sep 18:27
To: Manthorp 2 of 12
You must've connected through a non-finicky browser?
From: CHYRON (DSMITHHFX)24 Sep 13:48
To: ALL3 of 12
(I have a LE certificate on a work server, it has to be renewed every 60-days. supposedly there's a way to automate this process but for whatever reason I do it manually).
From: william (WILLIAMA)24 Sep 18:01
I use one on my OwnCloud server, but I think it's good for 2 years (or 3, I can't remember). Then I'll have to try to work out how to renew it. 
From: CHYRON (DSMITHHFX)24 Sep 19:49
To: william (WILLIAMA) 5 of 12
You paid for it right? 80 bucks a year here, Let's Encrypt ssl is free (which is probably why they have it expire so quickly)
From: william (WILLIAMA)24 Sep 19:59
Nope. As far as I remember it was free and it hangs off Certbot. The only time I had to do anything at all to it was when they stopped TLS-SNI-01 validation at the end of January (or February?). It lasts for a couple of years and then I have to ask nicely if I can do it all again.

From: CHYRON (DSMITHHFX)24 Sep 20:08
To: william (WILLIAMA) 7 of 12
Ah right, that's the automagic version that won't run on my Ubuntu 14.04 PPC server.   :'-( 

I guess 2-minutes attention every 60-days isn't too terrible.
From: Peter (BOUGHTONP)24 Sep 21:51
Automating the process on any standard LAMP server is a piece of piss, and Certbot documentation is easy to follow.

Doing it on a JVM server like Jetty is a pain, and the (usually helpful) Jetty devs wont help. In another month or so I'll find out if I've done enough.

From: Peter (BOUGHTONP)24 Sep 22:05
To: william (WILLIAMA) 9 of 12
> It lasts for a couple of years

Then it's not Let's Encrypt - as per their FAQ:

"Our certificates are valid for 90 days. You can read about why here.

There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days."

However it could be you're using Certbot with another service - since the ISRG aren't idiots, they created a standardised protocol (ACME), and there are several other CAs that use it now.

From: william (WILLIAMA)24 Sep 22:24
To: Peter (BOUGHTONP) 10 of 12
It's definitely Let's Encrypt with Certbot because I went and had a look through my emails when I saw this thread. But I can't even remember installing it all. And ACME does ring a bell. I suppose I should go and check before it all stops working. I do vaguely remember that there's a limit of around a couple of years before I have to reapply to use it - presumably as opposed to expiry.

Anyway, my more immediate concern is whether to update to the latest version of OwnCloud since they withdrew their nice simple upgrade script.
From: CHYRON (DSMITHHFX)24 Sep 23:51
To: Peter (BOUGHTONP) 11 of 12
" a piece of piss "

Not on my server (there are no certbot packages for it). The Let's Encrypt manual route is far, far simpler.
EDITED: 24 Sep 23:58 by DSMITHHFX
From: Manthorp25 Sep 07:30
Chrome Canary with Bitdefender chucking up dark warnings, but letting me through all the same.