top | item 22191101

(no title)

The EFF is awesome with Let's Encrypt! It was really a dreadful task to buy and renew certificates, especially as out infrastructure back then wasn't that automated.

I think this article is a response to all those ads from VPN companies. They do try to scare people about public WiFi's.

discuss

giancarlostoro|6 years ago

One thing I would love to see in the future is the addition of LetsEncrypt support for major web servers like Nginx and Apache. I think this could go a long way. In the case of Apache it would be one of those "mod" type of packages. Someone feel free to let me know if this is already the case though, I would love to make note of it.

Edit:

Looks like Apache has one called 'md':

https://httpd.apache.org/docs/trunk/mod/mod_md.html

Your move Nginx? :)

zzzcpan|6 years ago

> One thing I would love to see in the future is the addition of LetsEncrypt support for major web servers like Nginx and Apache. I think this could go a long way.

This is not as useful as you think. In nginx you only need a couple of extra lines of configuration to let an external program issue and renew certificates independently from nginx, without reloads, etc. Definitely not worth developing a C nginx module that starts a helper process that does that just so that a few people who run nginx on a single server could get their certificates issued with only one line of configuration.

atonse|6 years ago

Really what we need is what Caddy ended up being. Best practices rolled in as defaults.

That’s why I use caddy just about everywhere that isn’t a load balancer.

seeekr|6 years ago

What you're asking for already exists. The certbot package already takes care of that [1]. No need to develop anything extra for nginx. [1] https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx

mason55|6 years ago

If you’re running nginx on Nix you can do it with just a couple config settings