Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Feel free next time just to use Cloudflare. For DNS records with proxied records, they attach SSL certificate automatically.
Regardless of what is your domain provider, u can redirect your domain to Cloudflare with writing cloudlare nameservers into your domain settings
And check letsencrypt, this application gives infinity free certificates, auto-generated at your server location -
C0D4669023yThat awkward moment when all that effort could have been resolved with
> apt install certbot && certbot
And follow the prompts -
@swagnette it is good, but in my opinion it is only first step, the person should do next steps too, in order to remove dependency on all those scammy certificate sellers.
-
C0D4669023y@swagnette it's not 2015 anymore.
Not many places would be running old servers or infrastructure these days that need to install ssl certs manually and maintain them - unless it's on prem still.
Yes it's good to get your hands dirty and know what to do when the tools fail you, it's also good to know how to add / remove TLS ciphers as well since most systems won't auto adjust those. -
Calm your TLS orgasms, please.
Certbot is nice and cloudflare, too.
But start with basics.
Certbot is only one part of the deal as it just generates the certificates.
Installing certificates, making a _proper_ TLS configuration (e.g. enforcing TLS 1.3 with selected algorithms) etc - that's important.
Even more important to understand how Cloudflare works before blindly using it.
Certificates are utterly useless when the TLS configuration is wrong or - even worse - the certificate storage / distribution is clusterfuck (e.g. private certificafe keys can be downloaded publicly because someone did incredibly stupid things).
Cloudflare is nice, but one should understand what Cloudflare origin certificates are and what SNI and other techniques do - cause that's how cloudflare works.
Simple rule: If you can't put an loadbalancer in *front* of Cloudflare as in loadbalance a Cloudflare protected address, don't use cloudflare xD -
Grumm18233y@C0D4 Trust me, my senior (almost 60 now)
head of IT had never heard of ssl or even how to make one.
So later he got asked to generate a private key for some custom webserver that didn't work on IIS.
I end up making one with openssl.
He didn't even took the time to do some research on how it works and what to do... π€¦βοΈ -
Grumm18233y@PonySlaystation Yeah, luckily that software is now under my responsibility and already updated to full c# and IIS.
Domain is managed, loadbalancer setup.
You can't believe how much crap exists from pre-2010 that is still alive (or keeping alive even if it is already dead inside) only because of one person that is stuck in the past. -
@CaptainRant ππππ thaaaaaat's me! You should have heard me (or not) in the office 2 yrs back when I got a feature to finally work.
I went to see the boss after and he's all like, " What was that? I heard a girl scream." π I'm like, "that was me, the feature is working." ππ
Related Rants
Freak yeah!!! Just installed my first SSL Certificate on my Ubuntu Server!!!!! π€πΎπ€πΎπ€πΎπ€πΎπ€πΎ First time I had my IT friend do it. I thought about contacting him again, but then thought, what the hell, let's give 'er a shot. 2 days and a whole lot of anger and frustration later https:// is a green light!!! πππππππ
random
server
network
it
stackoverflow
ubuntu