LetsEncrypt IP Addresses... It's Actually pretty important

jvanasco · July 30, 2020, 5:25pm

The entire DNS-01 provisioning lifecycle - from running a client, configuring and responding to challenges, and obtaining the certificate - can happen outside of the fragile server.

The only benefit to a paid certificate is only having to install it once a year.

If I were in the OP's situation, I would probably opt for a paid certificate for this reason. Scheduling a manual certificate installation every 2 months is silly, when you can spend under $10 to get a paid 1 year certificate. However... if there were more than 1 certificate/server needed, I would probably write something using Fabric or Invoke to run the DNS-01 challenge locally and then deploy the certificates onto the servers.

Osiris · July 30, 2020, 5:44pm

@rmbolger @jvanasco

I agree that if one would move the issuance of the certificate away from the ancient, security hazard system, it would cost less time to move away from Let’s Encrypt.

Luckily, Buypass offers free certificates through ACME with a lifetime of max. 180 days!

system · August 29, 2020, 5:44pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help on firewall Help	6	8935	May 22, 2021
Add malicious ip lists to letsdebug Feature Requests	12	1058	May 29, 2021
Suggested resolution to Firewall problems Feature Requests	42	5307	January 21, 2021
Servers and IP addresses used by Let's Encrypt Help	7	4107	June 14, 2024
IP's or network's used by letsencrypt for renew Help	6	80	October 4, 2024

LetsEncrypt IP Addresses... It's Actually pretty important

Related topics