Let's not encrypt

From: CHYRON (DSMITHHFX) 23 Sep 2019 13:57
To: ALL 1 of 12
From: CHYRON (DSMITHHFX) 23 Sep 2019 19:27
To: Manthorp 2 of 12
You must've connected through a non-finicky browser?
From: CHYRON (DSMITHHFX) 24 Sep 2019 14:48
To: ALL 3 of 12
(I have a LE certificate on a work server; it has to be renewed every 60 days. Supposedly there's a way to automate this process, but for whatever reason I do it manually.)
From: william (WILLIAMA) 24 Sep 2019 19:01
I use one on my OwnCloud server, but I think it's good for 2 years (or 3, I can't remember). Then I'll have to try to work out how to renew it. 
From: CHYRON (DSMITHHFX) 24 Sep 2019 20:49
To: william (WILLIAMA) 5 of 12
You paid for it, right? 80 bucks a year here. Let's Encrypt SSL is free (which is probably why they have it expire so quickly).
From: william (WILLIAMA) 24 Sep 2019 20:59
Nope. As far as I remember it was free and it hangs off Certbot. The only time I had to do anything at all to it was when they stopped TLS-SNI-01 validation at the end of January (or February?). It lasts for a couple of years and then I have to ask nicely if I can do it all again.

From: CHYRON (DSMITHHFX) 24 Sep 2019 21:08
To: william (WILLIAMA) 7 of 12
Ah right, that's the automagic version that won't run on my Ubuntu 14.04 PPC server. :'-(

I guess 2 minutes' attention every 60 days isn't too terrible.
From: Peter (BOUGHTONP) 24 Sep 2019 22:51
Automating the process on any standard LAMP server is a piece of piss, and the Certbot documentation is easy to follow.

Doing it on a JVM server like Jetty is a pain, and the (usually helpful) Jetty devs won't help. In another month or so I'll find out if I've done enough.

From: Peter (BOUGHTONP) 24 Sep 2019 23:05
To: william (WILLIAMA) 9 of 12
> It lasts for a couple of years

Then it's not Let's Encrypt - as per their FAQ:

"Our certificates are valid for 90 days. You can read about why here.

There is no way to adjust this, there are no exceptions. We recommend automatically renewing your certificates every 60 days."

However it could be you're using Certbot with another service - since the ISRG aren't idiots, they created a standardised protocol (ACME), and there are several other CAs that use it now.
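
The 90-day validity and 60-day renewal point quoted from the FAQ can be checked against a certificate's own dates. This is an added example, not part of any post in the thread; it reads text in the format printed by `openssl x509 -noout -dates`, and the sample dates, function names and the one-day tolerance are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed samples in the format printed by `openssl x509 -noout -dates`.
SAMPLE_90_DAY = "notBefore=Aug 20 10:00:00 2019 GMT\nnotAfter=Nov 18 10:00:00 2019 GMT\n"
SAMPLE_2_YEAR = "notBefore=Sep 24 00:00:00 2019 GMT\nnotAfter=Sep 23 00:00:00 2021 GMT\n"

RENEW_AFTER = timedelta(days=60)        # renewal point recommended in the quoted FAQ
EXPECTED_LIFETIME = timedelta(days=90)  # validity period stated in the quoted FAQ
TOLERANCE = timedelta(days=1)           # assumption: allow small offsets in issued dates


def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # ssl.cert_time_to_seconds parses the certificate time format (GMT only).
            seconds = ssl.cert_time_to_seconds(value.strip())
            found[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def renewal_status(text, now):
    """Classify a certificate as ok, renew-due or expired at time `now`."""
    not_before, not_after = parse_dates(text)
    lifetime = not_after - not_before
    if now >= not_after:
        state = "expired"
    elif now - not_before >= RENEW_AFTER:
        state = "renew-due"
    else:
        state = "ok"
    return {
        "state": state,
        "days_left": (not_after - now).days,
        "lifetime_days": lifetime.days,
        # False means the validity period is not the 90 days the FAQ describes.
        "matches_90_day_policy": abs(lifetime - EXPECTED_LIFETIME) <= TOLERANCE,
    }


if __name__ == "__main__":
    when = datetime(2019, 10, 25, 10, 0, tzinfo=timezone.utc)
    print(renewal_status(SAMPLE_90_DAY, when))
    print(renewal_status(SAMPLE_2_YEAR, when))
```

Run from a daily scheduled job, a `renew-due` result is the cue to renew, whether that is done by hand or by an ACME client.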

From: william (WILLIAMA) 24 Sep 2019 23:24
To: Peter (BOUGHTONP) 10 of 12
It's definitely Let's Encrypt with Certbot because I went and had a look through my emails when I saw this thread. But I can't even remember installing it all. And ACME does ring a bell. I suppose I should go and check before it all stops working. I do vaguely remember that there's a limit of around a couple of years before I have to reapply to use it - presumably as opposed to expiry.

Anyway, my more immediate concern is whether to update to the latest version of OwnCloud since they withdrew their nice simple upgrade script.
From: CHYRON (DSMITHHFX) 25 Sep 2019 00:51
To: Peter (BOUGHTONP) 11 of 12
"a piece of piss"

Not on my server (there are no certbot packages for it). The Let's Encrypt manual route is far, far simpler.
EDITED: 25 Sep 2019 00:58 by DSMITHHFX
From: Manthorp 25 Sep 2019 08:30
Chrome Canary with Bitdefender chucking up dark warnings, but letting me through all the same.