Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What could make the forums more popular?
#41
(2018-08-16 22:39:49)aaaaaa123456789 Wrote: Oh right, Let's Encrypt actually works properly now and issues useful certs. I'll probably set something up this weekend or the next then.

bump
I know you've probably got busy things to do, just wanna keep the thread up here so it's not forgotten :p
(2018-08-31 13:49:39)Camer999 Wrote:
(2018-08-16 22:39:49)aaaaaa123456789 Wrote: Oh right, Let's Encrypt actually works properly now and issues useful certs. I'll probably set something up this weekend or the next then.

bump
I know you've probably got busy things to do, just wanna keep the thread up here so it's not forgotten :p

ditto

I don't wanna overdo the bumps though so please do say if this is overdoing it
[-] The following 1 user says Thank You to Camer999 for this post:
  • aaaaaa123456789
Reply
#42
The official implementation is a binary that must be downloaded from the internet manually, requires root access, and admits to update itself remotely without prompting. This is quite unsettling, even if sponsored by the EFF — any vulnerability in their servers would expose everyone using their bot, as an attacker could use that "phone home" feature to push a malicious binary as an update to all servers that use it.

And the manual procedure is extremely tedious, plus you have to do it every three months. If you forget, your website goes down. Certainly not a pleasant thing to deal with.

I still have the tab open, but I'm doubting whether this is a good idea at all.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
[-] The following 2 users say Thank You to aaaaaa123456789 for this post:
  • Camer999, self
Reply
#43
(2018-09-08 16:38:51)aaaaaa123456789 Wrote: The official implementation is a binary that must be downloaded from the internet manually, requires root access, and admits to update itself remotely without prompting. This is quite unsettling, even if sponsored by the EFF — any vulnerability in their servers would expose everyone using their bot, as an attacker could use that "phone home" feature to push a malicious binary as an update to all servers that use it.

And the manual procedure is extremely tedious, plus you have to do it every three months. If you forget, your website goes down. Certainly not a pleasant thing to deal with.

I still have the tab open, but I'm doubting whether this is a good idea at all.

https://github.com/diafygi/acme-tiny (200 lines of Python, cron-capable, packaged by Debian)
[-] The following 1 user says Thank You to Ringstaart for this post:
  • aaaaaa123456789
Reply
#44
(2018-09-09 15:47:52)Ringstaart Wrote:
(2018-09-08 16:38:51)aaaaaa123456789 Wrote: The official implementation is a binary that must be downloaded from the internet manually, requires root access, and admits to update itself remotely without prompting. This is quite unsettling, even if sponsored by the EFF — any vulnerability in their servers would expose everyone using their bot, as an attacker could use that "phone home" feature to push a malicious binary as an update to all servers that use it.

And the manual procedure is extremely tedious, plus you have to do it every three months. If you forget, your website goes down. Certainly not a pleasant thing to deal with.

I still have the tab open, but I'm doubting whether this is a good idea at all.

https://github.com/diafygi/acme-tiny (200 lines of Python, cron-capable, packaged by Debian)

Can this work with Apache-hosted websites? I only see instructions for nginx there.
If you need to contact me for any reason, or if you have any questions, concerns, problems or requests, message me here or email me at aaaaaa123456789@acidch.at.

This forum has been around for (loading...)
Reply
#45
(2018-09-12 04:42:40)aaaaaa123456789 Wrote:
(2018-09-09 15:47:52)Ringstaart Wrote:
(2018-09-08 16:38:51)aaaaaa123456789 Wrote: The official implementation is a binary that must be downloaded from the internet manually, requires root access, and admits to update itself remotely without prompting. This is quite unsettling, even if sponsored by the EFF — any vulnerability in their servers would expose everyone using their bot, as an attacker could use that "phone home" feature to push a malicious binary as an update to all servers that use it.

And the manual procedure is extremely tedious, plus you have to do it every three months. If you forget, your website goes down. Certainly not a pleasant thing to deal with.

I still have the tab open, but I'm doubting whether this is a good idea at all.

https://github.com/diafygi/acme-tiny (200 lines of Python, cron-capable, packaged by Debian)

Can this work with Apache-hosted websites? I only see instructions for nginx there.

Yes, the nginx instructions just tell nginx to look in the /var/www/challenges directory when receiving a /.well-known/acme-challenge/ path. It works with static filehosting.

https://github.com/diafygi/acme-tiny/issues/79 has Apache configs, and it looks to me like you could perhaps even get away with using a symlink instead of a fancy server config alias, or with pointing acme_tiny at a subdirectory of your regular web root if you set up permissions so that it can't modify anything outside its dedicated space.
[-] The following 1 user says Thank You to Ringstaart for this post:
  • aaaaaa123456789
Reply




Users browsing this thread: 1 Guest(s)