Alert Logic Says LetsEncrypt certs don't work with them


#1

We use an IDS provided by Alert Logic. According to our hosting provider:

We have had issues with LetsEncrypt in the past due to the agent that is used on the servers. For servers it is fine, but we cannot integrate that service to update certs on the IDS. This can lead to the IDS not being able to inspect traffic. We do offer certs that can be purchased through …

We want to move to SSL. Are they just trying to sell me an un-needed certificate?


#2

Without getting more details the only thing I can think of is: Let’s Encrypts certificates are not different from any other DV certificate. So if Alert Logic provides payed DV certificates and offer support for those, but not for Let’s Encrypts certificates, perhaps it’s not the certificate itself, but Alert Logics software implementation?


#3

Based on the language, it’s possible that it’s not “supported” because they don’t have a way to renew the certificates cleanly. If you can’t automate things, it’s a good deal of work to renew manually every 60-90 days. Commercial certificates usually have a minimum expiration of one year, reducing the work needed.

I haven’t dealt with an AlertLogic IDS, so It may be possible to automate against an API or even fake interaction with a web interface, but the effort involved may not be worth it for them, especially if they can mark up the certificate cost a bit to cover their labor.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.