Pages: [1] 2

Author Topic: Let's Encrypt  (Read 6475 times)

chenks

  • Kitizen
  • ****
  • Posts: 1106
Let's Encrypt
« on: June 08, 2018, 05:40:29 PM »

anyone used Let's Encrypt for free SSL certificates?
i'm looking at it thinking there must be a catch somewhere, but so far i've not spotted one.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Let's Encrypt
« Reply #1 on: June 09, 2018, 12:24:12 AM »

I use Let's Encrypt.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

vic0239

  • Reg Member
  • ***
  • Posts: 519
Re: Let's Encrypt
« Reply #2 on: June 09, 2018, 07:30:56 AM »

I use it too on my NAS and two Raspberry Pi devices. Set to auto-renew, you can just forget about it.
Logged
Lothian Broadband 900/900 + AAISP VDSL, Vigor2865Vac, MikroTik rb260gsp, ZyXel NWA50AX WiFi AP.

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Let's Encrypt
« Reply #3 on: June 09, 2018, 09:17:59 AM »

Hi

I could be wrong, so apologies in advance, but I thought chenks used Windows Server and not Linux, so if I am correct, LE is not available for Windows servers

Many thanks

John
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #4 on: June 09, 2018, 09:21:04 AM »

Works perfectly fine with Windows and IIS
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Let's Encrypt
« Reply #5 on: June 09, 2018, 09:26:01 AM »

Ahh sorry

When we first looked at/integrated LE it was only for Linux, so it's clearly moved on

Many thanks

John
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #6 on: June 14, 2018, 03:15:09 PM »

there are a few tools now that will do the work for you with IIS.
two that i've tried are "Certify The Web" and "LetsEncrypt-Win-Simple"

this blog post explains the various methods - https://weblog.west-wind.com/posts/2016/Feb/22/Using-Lets-Encrypt-with-IIS-on-Windows
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Let's Encrypt
« Reply #7 on: June 14, 2018, 03:36:29 PM »

There is no catch other than I guess they are short lived certificates.  So arguably it's harder to administer.  But short lived certificates are the future, it's a better way to deal with rogue certificates, no need to blacklist a certificate if it just expires instead, the long term aim is for expiries much shorter than 3 months, some websites rotate certificates several times a week.

The certificate business has long been a bit of a nasty one, companies charging for automated processes just "because they can", a self signed certificate is not less secure than a trusted CA signed one, it's just that its CA is not whitelisted in the main browsers so will come up as an untrusted site.  SSL serves two purposes, to protect traffic from interception and to identify the owner of the website you are visiting as trusted, but the bottom end certificates that have been sold for decades don't really verify anything other than domain ownership.

e.g. my PFSense unit has a self signed 20 year certificate that's trusted in my browser, I simply added my own CA to the certificate store on my PC.  I use that CA also for my ESXi servers as well so their web interfaces are also trusted in my browser.

The other issue being as well, the www needs to migrate to full https really, Google are pushing for it as well as other established entities, but people having to pay for certificates was holding things back.  http/2 can make https faster than http for browsing, and TLS 1.3 will shorten load times even more. As usual webmasters don't tend to care until they have to change for £££, so e.g. when Google started derating non https on search results, suddenly takeup spiralled.  It will be the same when they derate ipv4 only sites later in the year to push ipv6 adoption. Notice how TBB migrated their homepage to https, but not their forum, that was about SEO, if it was about enhancing privacy of data they would have done the forum as well.

LetsEncrypt has been set up to basically "correct" the market.  Stop the charging for automated domain ownership checked certificates.  Also to drag down TTL times as well, and to try and force through other modern standards.

The line stats link in my sig is encrypted using a letsencrypt cert and is on http/2.
« Last Edit: June 14, 2018, 03:44:09 PM by Chrysalis »
Logged
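
The two points in the reply above (a privately signed certificate only validates once its CA is a trust anchor, and short lifetimes mean expiry has to be checked automatically) can be reproduced with the `openssl` CLI. This is an added example, not part of the original thread; the CA name, host name and 30-day renewal window are constructed assumptions, and everything is generated in a temporary directory.

```shell
#!/bin/sh
# Added example: throwaway private CA and leaf certificate (hypothetical names).
set -eu

# Create a self-signed CA (20 years) and a leaf it signs (90 days).
# Prints the working directory that holds ca.pem and leaf.pem.
make_demo_pki() {
  local d
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 7300 \
      -subj "/CN=Example Home CA" \
      -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes \
      -subj "/CN=firewall.home.example" \
      -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -days 90 \
      -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
      -out "$d/leaf.pem" 2>/dev/null &&
  printf '%s\n' "$d"
}

# Exit 0 only if the certificate chains to a trusted anchor.
# With no anchor argument, no CA file or directory is consulted at all.
chain_trusted() {
  local cert=$1 anchor=${2:-}
  if [ -n "$anchor" ]; then
    openssl verify -no-CApath -CAfile "$anchor" "$cert" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$cert" >/dev/null 2>&1
  fi
}

# Exit 0 when the certificate expires within <days>. Any openssl failure
# (unreadable file, bad PEM) also reports "needs renewal", so errors surface.
needs_renewal() {
  local cert=$1 days=$2
  ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

d=$(make_demo_pki)
if chain_trusted "$d/leaf.pem"; then echo "no anchor: trusted"
else echo "no anchor: NOT trusted (same crypto, unknown issuer)"; fi
if chain_trusted "$d/leaf.pem" "$d/ca.pem"; then
  echo "CA added as anchor: trusted"; fi
if needs_renewal "$d/leaf.pem" 30; then echo "renew now"
else echo "90-day leaf: outside the 30-day renewal window"; fi
rm -rf "$d"
```

Run from cron against a deployed certificate, `needs_renewal` gives a simple alert if auto-renewal has silently stopped working.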

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #8 on: June 14, 2018, 03:45:14 PM »

The line stats link in my sig is encrypted using a letsencrypt cert and is on http/2.

on a side note, how do you get your dslstats bitloading graph to look correct? mine doesn't.
http://chenks.ddns.net/dslstats/
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Let's Encrypt
« Reply #9 on: June 14, 2018, 03:49:43 PM »

Don't know, I used the kitz v1 files, which I got from Ned.  The graphs are unmodified generated by dslstats.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #10 on: June 14, 2018, 03:52:00 PM »

Don't know, I used the kitz v1 files, which I got from Ned.  The graphs are unmodified generated by dslstats.

as do i, but for some reason mine is huge and doesn't show the right side of the graph fully.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Let's Encrypt
« Reply #11 on: June 14, 2018, 03:55:55 PM »

PM me your email address and I will share the files I use with you so you can check the code.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #12 on: June 14, 2018, 03:59:56 PM »

you sure you're using an unmodified kitz v1 webgui? your top menu layout is different to mine, and i just downloaded the kitz webgui files a few days ago.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: Let's Encrypt
« Reply #13 on: June 14, 2018, 04:07:04 PM »

The main body is unmodified, I added tbb graphs to top and edited the name to Chrysalis.

My webgui is much older than a few days ago, note I said v1.
Logged

chenks

  • Kitizen
  • ****
  • Posts: 1106
Re: Let's Encrypt
« Reply #14 on: June 14, 2018, 04:08:08 PM »

anyway, i believe the issue is dslstats config rather than webgui, as the actual PNG file produced for that graph looks the same as it does when on the webgui, so it's dslstats config.
Logged