[u-u] Expired SSL certificate

Giles Orr gilesorr at gmail.com
Wed Jan 6 09:22:24 EST 2016


On 30 December 2015 at 21:03, Giles Orr <gilesorr at gmail.com> wrote:
> On 30 December 2015 at 18:12, Alan J Rosenthal <flaps at 56789.ca> wrote:
>>>Free auto-generated certificates valid for 90 days (meant to be
>>>auto-renewed on a cron job):
>>>
>>>https://letsencrypt.org/
>>
>> Also note https://github.com/diafygi/acme-tiny
>>
>>>Technically rather hairy if you don't want their script to have root
>>>access to your machine,
>>
>> Root access is not automatically required to write to the SSL-related
>> files -- just create a new uid for that purpose and have the files owned by
>> this new user, then allow it to do "sudo apache2ctl graceful" or analogous.
>
> It looked more complex than that to me ... but I haven't worked my way
> through all the details yet (I'm having to learn about certificates
> and signing authorities simultaneously).
>
> Now I'm confused though: same guy ("diafygi") also maintains
> "letsencrypt-nosudo" which I was working with:
> https://github.com/diafygi/letsencrypt-nosudo .  He seems to be
> working on both (it and acme-tiny) simultaneously, and they're quite
> similar.

Thanks for pointing out acme-tiny: I found it much easier to use.  It
will also work with a non-privileged account.

-- 
Giles
http://www.gilesorr.com/
gilesorr at gmail.com


More information about the u-u mailing list