I still think I need to use “manual” mode… Haven’t had time to try that one out.
I cant be installning/portforwarding port 80 and/or 443 to every machine/service/subdomain that I want a certificate for.
Best would have been a * cert, then I could just do the cert+renewal on the web-machine, and then just distribute to the target machines.
Guess that it might work with that option that would allow me to specify multiple subdomains, no idea how to do that tho.
Last time (like 4 months ago) i bought a cert from namecheap.com, all I had to do was to send a CSR from IIS 8, and for verification they sent me an email with a link/code to a “predifined” adress, I think it was email@example.com.
Why 90 days? Explained here
Seems like they will be keeping 90 days. I understand their point, but there’s not a chance in h*ll that I can go into the web-interface of the FTP-server (yeah, and every other service I run, and all the unsecure/selfsigned services I was thinking about fixing for my friends) and update the certs every 60-90 days
I can just as well stop trying to “fix” this now, not a chance that I will take on the overhead / extra-point-of-failure of having to replace all certs every 90 days That will cost way more time (=money) than to just buy 1,2 or 3 year certs (I even think 3 years is too little, just give me a 100-year cert, fire-and-forget!!)
Gah this is like the biggest anticlimax of the year! letsencrypt was actually the coolest tech-thingy I looked forward to during 2015 but now it just totally derailed in a couple of minutes, haha.
Really appreciate your help guys, you saved me lots of time!
Take care, happy holidays! <3
Yeah, as @Aran explained it, thats how I expected it to work The single method that makes MOST sense to a techie-guy, was the most well hidden one. But yeah, guess that has to do with the 90 days thingy, they want it to be automated. Too bad for every service except web-servers