Use new cert only when written to Certificate Transparency Log

5imon · May 19, 2017, 2:31pm

I set up certbot to get me new certificates every 60 days, and everything works nicely.
What is not clear to me is this: browsers will start someday to check if the cert is in a Transparency log, and maybe give a warning if the cert is not logged anywhere.
So, how do you handle this scenario? Did you set up scripts that fetch the cert from letsencrypt, and then restart the web server one day after that, hoping that the log has been written in the meantime? Or is this somehow handled by certbot?

Thanks

cpu · May 19, 2017, 2:37pm

This will be handled by the Let’s Encrypt CA embedding the evidence that your certificate has been submitted to a CT log in the certificate itself. You won’t have to change anything on your end. The work is still underway but will be ready before Chrome and other browsers require it.

system · June 18, 2017, 2:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.