[Qa-debsources] upcoming SSL cert expiry and letsencrypt
Stefano Zacchiroli
zack at debian.org
Thu Nov 26 10:35:04 UTC 2015
On Wed, Nov 25, 2015 at 10:59:22PM +0100, Matthieu Caneill wrote:
> > I am really interested in lets encrypt and i am interested in doing this
> > for Debsources, BUT, I have never installed SSL certificates and never
> > really saw configs etc so there would be some learning curve for me. If
> > you can bear me then i am happy to take the responsibility..
Great, thanks :)
> However I can back you up with the certificate installation
> instructions for Apache, if needed. But as we already use SSL, it
> should be a matter of replacing the key files.
That's correct. And thanks to you too. Sounds like you and Orestis are a
well-formed team for handling this :)
> Zack: do you know for how long the Let's Encrypt certificates will be
> valid? 1 year?
3 months, the rationale is here (and I agree with it):
https://letsencrypt.org/2015/11/09/why-90-days.html
So in addition to one-off certificate, what it will need doing is
actually automating the renewal process, so that we have to worry only
once about the setup.
FWIW, there is a letsencrypt package in Debian already:
https://tracker.debian.org/pkg/python-letsencrypt
but it's only in experimental for now, and it looks like it still has
some dependency issues.
Cheers.
--
Stefano Zacchiroli . . . . . . . zack at upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader . . . . . @zacchiro . . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/qa-debsources/attachments/20151126/ea38d220/attachment.sig>
More information about the Qa-debsources
mailing list