Lets Encrypt integration

Discussion in 'Feature Requests' started by fbarcenas, Dec 31, 2015.

  1. fbarcenas

    fbarcenas Member

    It would be great if this great free tool could be integrated into ISPCONFIG for generating certificates for websites as well as other services like email.
    https://letsencrypt.org/howitworks/
     
    todx likes this.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is already integrated in ISPConfig 3.1 branch.
     
  3. Nemis

    Nemis Member

  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you're right. We will change that and remove .well-known only when its empty after removing acme-challenge/.
     
    Nemis likes this.
  5. DDArt

    DDArt Member HowtoForge Supporter

    Look forward to using that, LetsEncrypte.ORG has been getting a lot of PR all over the places, podcasts, security blogs, already gave a record certs out and that came with some negative PR that some misuse the certs for malvertising and hope that won't discourage sys admins from using it or developers like ISPCONFIG from implementing ease of use and adoption to install in their panel.
     
  6. Nemis

    Nemis Member

    Sponsoryzed by people that lost a lot of $$$ from free cert?
    can run an httpS site with malware/virus etc, also with a valid SSL from symantec, globalsign, comodo , verisign ...
     
  7. sjau

    sjau Local Meanie Moderator

    it's not like there aren't any other free ssl cert providers that can also be automated.....
    a ssl connection doesn't mean the entity can be trusted. It only means you've reached the website throught a secure channel.
     
  8. CSoellinger

    CSoellinger New Member

    "It only means"..... i think it's a good point to reach a website through a secure channel :rolleyes:
     
  9. DDArt

    DDArt Member HowtoForge Supporter

    You will find abusers on both sides regardless if they use free or paid certs. The percentage is so small that the benefits in using 'letsencrypt' outweigh the negative stories you or I might hear. Even now I don't mind paying $10/year for a ssl cert, I would rather support the 'let's encrypt' movement instead of giving money to a company like Comodo that rips off Chrome with their own white-labeling (Chromodo) and putting users in danger while browsing.
     
    fbarcenas and ztk.me like this.
  10. fbarcenas

    fbarcenas Member

    Yeah, I rather see us move towards encryption rather than the opposite.
     
  11. William K.

    William K. New Member

  12. Jesse Norell

    Jesse Norell Active Member

  13. sjau

    sjau Local Meanie Moderator

    the official client, which ISPC uses, does not suppor dns-01
     
  14. Jesse Norell

    Jesse Norell Active Member

    I've been wanting to get to setting up letsencrypt certificated for mysql on all ispconfig nodes, and right now I've had to leave port 443 open so the certificates can be validated - DNS-01 would sure be a nicer solution there.

    https://git.ispconfig.org/ispconfig/ispconfig3/issues/4202
     
  15. TomasF

    TomasF New Member

    Hello,
    thanks for letsencrypt integration it works great :) Do you plan to add a posibility to choose certificate type? I am using ECC certs now and RSA is a bit a step back for me due to its size and impact on performance.
     
  16. Jesse Norell

    Jesse Norell Active Member

    I don't believe I've seen it requested or any discussion of it, but go ahead and add an feature request in the issue tracker (and maybe add some details as to the types you'd like to see available).
     
  17. TomasF

    TomasF New Member

    Ok, thank you. Request added #4315 ( I can not insert links :( ) so I hope it is suffice.
     
    Jesse Norell likes this.
  18. Jesse Norell

    Jesse Norell Active Member

Share This Page