[talk] SSL certificates
Mark Saad
mark.saad at ymail.com
Tue Sep 12 13:10:35 EDT 2017
n Tuesday, September 12, 2017, 9:39:32 AM GMT-6, Pete Wright <pete at nomadlogic.org> wrote:
On 09/12/2017 07:38, Michael W. Lucas wrote:
> On Tue, Sep 12, 2017 at 02:24:00PM +0000, George Rosamond wrote:
>> Mark Saad:
>>> All
>>> I was looking tat replace a wildcard ssl cert on a commercial site and I was looking for options .
>>>
>> wildcard certs have security implications to them. Best to avoid.
>>
>
> Out of curiosity: any real-world reason not to do Let's Encrypt?
>
This is a commercial setup, from what I remember LE is for non-commercial setups. Also I need to get two wild cards one for *.mydomain.xxx and *.yyy.mydomain.xxx
and I dont think LE can do the latter.
> I'm pondering writing a book on LE with acme.sh.
i'd be keen to get a copy of that! the devs i support loved your ssh
book, and i loved it b/c i didn't have to actually interact with humans :)
one issue i've had with let's encrypt is trying to use it on private
subdomains on AWS. iirc the system needs to have a public DNS entry as
well as access from the internet to work - i might be mistaken tho on
this...
-pete
--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA
-- Mark Saad | mark.saad at ymail.com
_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20170912/e6ef951f/attachment.htm>
More information about the talk
mailing list