
net-7.org SSL cert expiration coming up 9/11/23 (sunrise.net-7.org:443)


Codemonkeyx


I wasn't sure if this was the right forum for this, or if I should open a bug report (not a bug, yet!) or what, but hopefully one of you devs sees this.  If you wouldn't mind tossing an ack in here just to let me know you're on it so I don't need to figure out how to escalate it further I would appreciate it, thanks!

 

I've been working on trying to get the client running in my environment and noticed that the cert expiration is imminent (NotAfter 9/11/23).

 

It's a little odd that the cert is only valid for 3 months... it seems like an application like this could just make it never expire and re-issue a cert only if you have a security incident requiring you to do so?  For people in a position where they have to trust this cert explicitly for one reason or another having to do so every 3 months is a little cumbersome (as is updating it for you I'm sure!).  Just my $0.02!

 

$ openssl s_client -showcerts -connect sunrise.net-7.org:443
...
Certificate chain
 0 s:CN = net-7.org
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 13 18:57:16 2023 GMT; NotAfter: Sep 11 18:57:15 2023 GMT

 


Hi!

 

Cert is on my list, I changed it yesterday already (so to say "in advance"...).

 

On 9/6/2023 at 3:03 AM, Codemonkeyx said:

It's a little odd that the cert is only valid for 3 months

 

 

Let's Encrypt certs are never valid for more/longer than 3 months. It's been like this since 2012 (when they started).

There are bots/scripts from LE which will renew the cert regularly so you don't have to take care at all.

 

In our scenario it is a bit different since we use the wildcard-cert from the webserver also for the game-server since that cert holds the subdomain as well.

The renew-automatism is on the webmachine, so we copy the certs manually every 3 months.

 

I could set up an automatic copy-script between the two (totally different IP range and hoster) machines...someday....sometime....when I am bored... :lol:

And yes, we could split the certs for the subdomain, but this will require other tasks/preps in advance...someday....sometime....when I am bored... :lol:

 

Laterz


14 hours ago, Zackman said:

I could set up an automatic copy-script between the two (totally different IP range and hoster) machines...someday....sometime....when I am bored... :lol:

And yes, we could split the certs for the subdomain, but this will require other tasks/preps in advance...someday....sometime....when I am bored...


It's on my list too, whichever of us is bored enough first. But yes, this is planned, the last expiration period we had was mostly due to my inattention to it after the migration.
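
An added example, not part of the thread and not the project's own code: a check that parses the `v:` validity line from the `openssl s_client -showcerts` output posted at the top of the thread and flags certificates close to NotAfter, which is the signal that the manual copy to the game server was missed. The function names, the 14-day warning window and the "today" value are assumptions.

```python
import re
from datetime import datetime, timezone

# Chain excerpt copied from the thread's openssl s_client output.
SAMPLE = """\
Certificate chain
 0 s:CN = net-7.org
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 13 18:57:16 2023 GMT; NotAfter: Sep 11 18:57:15 2023 GMT
"""

SUBJECT_RE = re.compile(r"^\s*(\d+) s:(.*)$")
VALIDITY_RE = re.compile(r"^\s*v:NotBefore: (.+?) GMT; NotAfter: (.+?) GMT\s*$")


def _parse(ts):
    # Collapse the double space OpenSSL uses for single-digit days ("Sep  1").
    ts = " ".join(ts.split())
    return datetime.strptime(ts, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)


def parse_chain(text):
    """Return one dict per certificate listed in the chain section."""
    certs, current = [], None
    for line in text.splitlines():
        if m := SUBJECT_RE.match(line):
            current = {"depth": int(m.group(1)), "subject": m.group(2).strip()}
        elif (m := VALIDITY_RE.match(line)) and current is not None:
            current["not_before"] = _parse(m.group(1))
            current["not_after"] = _parse(m.group(2))
            certs.append(current)
            current = None
    return certs


def expiring(text, now, warn_days=14):
    """Return (subject, days_left) for certs expired or inside the warning window."""
    return [
        (c["subject"], (c["not_after"] - now).days)
        for c in parse_chain(text)
        if (c["not_after"] - now).days < warn_days
    ]


if __name__ == "__main__":
    now = datetime(2023, 9, 6, tzinfo=timezone.utc)  # constructed "today": first post's date
    for subject, days in expiring(SAMPLE, now):
        print(f"WARNING {subject}: {days} day(s) until NotAfter")
```

Run against the game server's own endpoint rather than the web server's, the check reports the certificate actually being served there, so a renewed certificate that was never copied over still raises the warning.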
