[talk] SSL certificates

Mark Saad mark.saad at ymail.com
Tue Sep 12 13:10:35 EDT 2017

n Tuesday, September 12, 2017, 9:39:32 AM GMT-6, Pete Wright <pete at nomadlogic.org> wrote: 

On 09/12/2017 07:38, Michael W. Lucas wrote:
> On Tue, Sep 12, 2017 at 02:24:00PM +0000, George Rosamond wrote:
>> Mark Saad:
>>> All
>>>    I was looking tat replace a  wildcard ssl  cert on a commercial site and I was looking for options .
>> wildcard certs have security implications to them. Best to avoid.
> Out of curiosity: any real-world reason not to do Let's Encrypt?
This is a commercial setup, from what I remember LE is for non-commercial setups. Also I need to get two wild cards  one for *.mydomain.xxx and *.yyy.mydomain.xxx
and I dont think LE can do the latter. 

> I'm pondering writing a book on LE with acme.sh.
i'd be keen to get a copy of that!  the devs i support loved your ssh 
book, and i loved it b/c i didn't have to actually interact with humans :)

one issue i've had with let's encrypt is trying to use it on private 
subdomains on AWS.  iirc the system needs to have a public DNS entry as 
well as access from the internet to work - i might be mistaken tho on 


Pete Wright
pete at nomadlogic.org

-- Mark Saad | mark.saad at ymail.com

talk mailing list
talk at lists.nycbug.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20170912/e6ef951f/attachment.html>

More information about the talk mailing list