Opened 14 months ago

Last modified 14 months ago

#13466 assigned Question/How do I...?

Help setting up HTTPS certificates using LetsEncrypt (Certbot)

Reported by: CLDC Admin
Owned by: JaimeV
Priority: Medium
Component: Tech
Keywords: certboot, https, letsencrypt
Cc: michele@…
Sensitive: no

Description

Hello,

We would like to migrate our website traffic to May First's servers but we have one important question before proceeding: Can we use LetsEncrypt to manage HTTPS certificates for our domain?

We no longer want to purchase SSL certificates from Comodo, etc., and we would like to be able to use a wildcard certificate (which they say are coming Feb. 27 https://letsencrypt.org/2017/12/07/looking-forward-to-2018.html). Ideally, we would also get some direction on how to set certbot up properly. I have tried once on an OS X server but failed.

Please let us know and as always thanks for the excellent work you do.

Jamil

Change History (3)

comment:1 Changed 14 months ago by JaimeV

Owner: set to JaimeV
Status: new → assigned

Yes you can. In fact you can do this automatically through the MFPL control panel. Take a look at these instructions and let me know if you have any additional questions.

https://support.mayfirst.org/wiki/faq/security/setup-certificate

comment:2 Changed 14 months ago by CLDC Admin

Thanks Jaime, I read through that tutorial and it seems very straightforward. Will the certificate cover common auto-discovery subdomains such as mail.cldc.org? Also, will you be adding support for wildcard SSL certs when they become available later this month?

P.S. I could log in to May First support last week; and when I sent my reply via email I got an error. Everything seems to be fixed now…

comment:3 Changed 14 months ago by CLDC Admin

Sorry, I should have said: will you be supporting auto-renewal of LetsEncrypt wildcard SSL certs? That is what is coming later this month, I believe. I have been waiting for this capability because it really makes the entire process of adding a certificate for a domain much cleaner—e.g., people will not get a message from their mail clients saying they need to make a certificate exception, etc., when they are setting up their accounts.

Which reminds me to ask: Does your system auto-generate DKIM keys (and/or SPF records, etc.) by default as well—i.e., practices to prevent mail going to junk mail or being blacklisted?
