Re: How to setup certs for https access for Fedora 42?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Charles Dennett wrote:
> On 5/26/25 6:49 AM, Patrick O'Callaghan wrote:
>> On Mon, 2025-05-26 at 00:23 -0700, Samuel Sieb wrote:
>>> If you want a recognized certificate, you either have to buy one or you
>>> can use certbot to get a free one from https://letsencrypt.org/. ; You
>>> need to remember to renew it regularly.  I think they're valid for 3
>>> months at a time.  That's what I use.
>> 
>> IIRC it's now down to 14 days, but certbot takes care of it
>> automatically.
> 
> I use a letsencrypt cert on my personal website.  You'll need the certbot
> package installed.  It includes a timer service that will check at least
> once a day for an an expiring cert and automatically renew it well before it
> expires.  The last one I got was at the end of April and is good until the
> end of July.  However, as Patrick said, they are supposedly shortening the
> time.  Mine actually updates the cert a month before it expires.

Is that in reference to the _option_ to use very short cert
lifetimes, as it announced here?

    https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/

If so, it looks to be entirely optional:

    Our longer-lived certificates, which currently have a
    lifetime of 90 days, will continue to be available
    alongside our six-day offering. Subscribers will be able
    to opt in to short-lived certificates via a certificate
    profile mechanism being added to our ACME API.

Very few, if any, home users will have a need for such short
lifetime certificates.

Most non-home users won't need them either, if they're being
realistic about their attack surface.

If you have it all fully automated, it shouldn't hurt to use
the shorter lifetime, but for the purposes being discussed
here, it _seems_ like a moot point.

-- 
Todd

Attachment: signature.asc
Description: PGP signature

-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux