#letsencrypt

HTTPS: Let's Encrypt brings wildcard certificates - Golem.de
https://www.golem.de/news/https-let-s-encrypt-bringt-wildcard-zertifikate-1712-131621.html
#LetsEncrypt #TLS #Verschlüsselung #API #Server #Technologie #Internet #OpenSource #Security

Golem (inoffiziell)

#LetsEncrypt Looking Forward to 2018 https://letsencrypt.org//2017/12/07/looking-forward-to-2018.html "We are planning to double the number of active certificates"

Dr. Roy Schestowitz (罗伊)

Help create a more #secure and privacy-respecting Web by #donating to Let's Encrypt! https://letsencrypt.org/donate/ #letsencrypt

Tursiops

Email from #Startcom:

> Dear customer,
>
> As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.
>
> The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcom's website.
>
> StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years.
>
> StartCom would like to thank you for your support during this difficult time.
>
> StartCom is contacting some other CAs to provide you with the certificates needed. In case you don't want us to provide you an alternative, please, contact us at certmaster@startcomca.com
>
> Please let us know if you need any further assistance with the transition process. We deeply apologize for any inconveniences that this may cause.
>
> Best regards,
>
> StartCom Certification Authority

Startcom served me well for many years, but they fucked up and #LetsEncrypt has become so much damn better anyway.

Jeremy Pope

Expired: LinkedIn forgets TLS certificates - Golem.de
https://www.golem.de/news/abgelaufen-linkedin-vergisst-tls-zertifikate-1711-131426.html
#TLS #LetsEncrypt #LinkedIn #SSL #Verschlüsselung #Internet #Security

Golem (inoffiziell)

Poodle and Drown: Flixbus website vulnerable to years-old TLS flaws - Golem.de
https://www.golem.de/news/poodle-und-drown-flixbus-webseite-fuer-jahrealte-tls-fehler-anfaellig-1711-131370.html
#TLS #CDN #HTTPS #LetsEncrypt #Man-in-the-Middle #SSL #Sicherheitslücke #Verschlüsselung #Paypal #Server

Golem (inoffiziell)

Mini-DebConf 2017 Toulouse this weekend

Saturday, 2017-11-18 and Sunday, 2017-11-19

Talks in French and English about Debian, Let's Encrypt, Ansible, Accessibility, Privacy, and more

#debian #debconf #minidebconf #france #toulouse #letsencrypt #ansible #accessibility #privacy

debacle@framasphere.org

acme.sh – Shell script for LetsEncrypt TLS certificates

I have been using TLS certificates from LetsEncrypt since the "Closed Beta" (2015). From the start I used the Python script Certbot, which was being promoted at the time. That is not exactly nice, though, because it installs many additional dependencies and cobbles together its own Python environment. So for quite a while my to-do list has included using a shell script that is as simple as possible for working with LetsEncrypt certificates. Today I set that up on one of my servers, and it is to be documented here.

#apache #certbot #foss #howto #letsencrypt #linux #open-source #python #root #script #server #shell #socat #ssl #tls #tooltip #zertifikat
Source: https://blog.natenom.com/2017/11/acme-sh-shellscript-fuer-letsencrypt-tls-zertifikate/

certbot/certbot
certbot - Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) auto-enable HTTPS on your server. It can also act as a client...

Natenom

ACME Support in #Apache HTTP Server Project - #LetsEncrypt // #SSL https://letsencrypt.org/2017/10/17/acme-support-in-apache-httpd.html

Simon

#ACME Support in #Apache HTTP Server Project - Let's Encrypt

https://letsencrypt.org/2017/10/17/acme-support-in-apache-httpd.html

#letsencrypt #ssl #security

Jason Robinson

How To Renew A Let’s Encrypt Certificate #letsencrypt #ssl #https https://matechia.xyz/renew-letsencrypt-certificate/

matechia.xyz

The @devtal mail server now (finally) supports #letsencrypt

/dev/tal

https://twitter.com/gnuheidix/status/912365021958672386 #LetsEncrypt #Hetzner

Ute Hauth

Sunday project: Huginn, Docker & Ansible

Some time ago I set up a #Twitter account posting #WWII "as it happened" events to #Socialhome (see here). This was accomplished using Zapier that reads the tweets and then POSTs to the Socialhome API.

All that worked great and #Zapier is really nice. Except it's limited to 100 events per month on the free tier and this, it seems, wasn't enough for the WWII tweets coming in. Zapier paid plans are from $20/mo which is way too much just to replicate some tweets.

At first I thought about making my own app to do all this but then I remembered running into Huginn, which I have been wanting to install anyway. It's basically a self-hosted #IFTT or Zapier, but allowing for even more complex stuff like unlimited chaining of events.

Docker + Ansible

I'm pretty new to #Docker but eventually I want to dockerize more of my apps. So of course I was happy to see #Huginn has a Docker image, allowing me to not have to muck about with any more #RoR apps. I use #Ansible for pretty much everything, so it made sense to build a playbook to deploy the app in a Docker container.

Luckily (or thanks to the fantastic Ansible team that is!), maintaining Docker containers with Ansible is as easy as doing anything else with it.

I chose to keep the web server out of the containers to use my standard #LetsEncrypt role for getting SSL on top. This made the role very simple, having only to 1) fetch SSL cert, 2) set up Apache to proxy and 3) push up a container.

The docker_container Ansible module call is basically just this:

 ---
 # Run the Huginn image; module arguments are nested under docker_container.
 - docker_container:
     name: huginn
     image: huginn/huginn
     volumes:
       - "{{ huginn_db_volume_mount }}:/var/lib/mysql"
     env:
       APP_SECRET_TOKEN: "{{ huginn_secret }}"
       DOMAIN: "{{ huginn_domain }}"
       FORCE_SSL: "{{ huginn_https }}"
       INVITATION_CODE: "{{ huginn_invitation_code }}"
       MAIL_FROM_ADDRESS: "{{ huginn_mail_from }}"
       RAILS_ENV: production
       SMTP_DOMAIN: "{{ huginn_smtp_domain }}"
       SMTP_PASSWORD: "{{ huginn_smtp_password }}"
       SMTP_PORT: "{{ huginn_smtp_port }}"
       SMTP_SERVER: "{{ huginn_smtp_server }}"
       SMTP_USER_NAME: "{{ huginn_smtp_username }}"
       TWITTER_OAUTH_KEY: "{{ huginn_twitter_key }}"
       TWITTER_OAUTH_SECRET: "{{ huginn_twitter_secret }}"
   # Task-level keyword: keeps the container facts for the Apache proxy step.
   register: _docker_huginn

The container IP is then picked up from _docker_huginn by Apache to do the proxying.

The playbook itself, without any extra customization is pretty much here:

 ---
 - hosts: myhost
   become: yes
   become_user: root

   vars:
     letsencrypt_email: youremail@example.com
     huginn_domain: huginn.example.com
     huginn_invitation_code: changeme!
     huginn_secret: changeme!

   roles:
     - huginn

The result is the ansible-huginn role. Tested on #Ubuntu 14.04. Right now a bit limited in terms of configuration that can be passed in. Will expand as necessary.

Fun Huginn stuff

One of the initial things I want to do is to use the chaining to make the tweet replicating not embed the tweet, but instead rip out the text + media and create a normal post instead. That should make for cleaner streams with less Twitter JS firing off.

Any tips on fun stuff to do with Huginn?

huginn/huginn
huginn - Create agents that monitor and act on your behalf. Your agents are standing by!

Jason Robinson