"Oh, he is asking that much money for this website? I will create that for only $250 with WordPress. He is just trying to use you"

You fucking wanker. What you don't understand is that you are pushing the companies to a fucking black hole that they won't be able to recover from.

He shows an example of a website which takes 30 sec to load. It's full of hundreds of dreadful plugins. He chose the shittiest stock pictures to make it look "pretty".

When I point out his fucking shite website takes this long to load, he says if the company wants to make the website fast, they will need buy the premium plan of CloudFlare. WHAT THE FUCK are you even talking about?

Not only that, the example website, doesn't even have any SSL. He is saying that the other company didn't want to pay for the SSL. Ever heard of fucking StartSSL or LetsEncrypt?

It's people like you who is responsible for making half of the web an insecure, slow, low-performance space which is prone to hacking.

WordPress was made for blogging. KEEP IT THAT WAY. Stop trying to make your high-performance CMS or eCommerce website with this shite.

Yes please.

(The PM is pretty technical)
One day:
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
PM: Nahh.
*walks away*

Next day:
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Me: Yup!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*

It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?

I hate Wordpress. I hate Wordpress. I hate Wordpress.

Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.

Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.

So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!

Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.

So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.

I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.

GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!

So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.

I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.

I’m gonna explode.

I swear, I’m gonna fucking explode.

After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.

Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.

TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.

I'm not sure if this entirely qualifies and I might have ranted about it a few years ago but fuck it.

My last internship. Company was awesome and my mentor/technical manager got along very well with me to the point that he often asked me to help out with Linux based stuff (he preferred Linux but was a C# guy and wasn't as familiar with it as me (Linux)).

We had to build an internal site thingy (don't remember what it was) and we delivered (me and some interns) and then the publishing moment came so I went to out project manager (a not-as-technical one) and asked if he could install a LetsEncrypt certificate on the site (he knew how and was one of the only ones who had direct access to the server).

He just stared at us and asked why the fuck we needed that since it was an internal thing anyways.
I kindly told that since it's free and can secure the connection, I preferred that and since its more secure, why the fuck not?
He wasn't convinced so it was off.

Next day I came in early and asked my mentor if he could do the SSL since he usually had access to that stuff. He stared at me with "what?" eyes and I explained what the PM said.

Then he immediately ssh'd in and got the damn cert with "we're going to go secure by default, of course!"

A minute later it was all set.

Weekend projects are fun! Although front end is still a challenge, it looks good enough.

Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.

I'd find it very useful myself, not sure if other people would but oh well!

Let's Encrypt-- Opinions?

With all these posts about the death of Steven Hawkings there's one thing which may be overlooked:

LETSENCRYPT WILDCARDS ARE LIVE !!!!!!!

(No offense to Steven Hawkings. He truly was one of the greatest scientists of mankind.)

So I just got this email from a tech company, I registered to send my CV some years ago , about a dev Job openning.

The descripition included:
Java and Angular ( first red flag )

So I go to their site to check it out ...
No https, ping the domain returns an ip from another continent with 500+ ms latency.

Major flaws on the site usability...
Super dumb password recovery method...

I'm fucking outta here dude. I might send them a proposition to fix their servers and at least put it behind letsencrypt though...

And these morons have big clients, like my bank... wtf...

Holy shit getting ssl is easy these days.o.o

GitLab CE crashed after doing a reconfigure, something with the LetsEncrypt client. Hours of debugging later it suddenly works again and the letsencrypt client doesn't throw errors either.

Happy that it works again but I'd like to know WHY it suddenly works again after I pretty much changed nothing (or, I did, but I put everything back to the original values every time a suggestion doesn't work).

Grrrrrrr.

Yesterday evening I began working on an SSL proxying system for dynamic domain names using Let's Encrypt. I finished just a few hours ago and it's working flawlessly!

You remember how much we got milked before LetsEncrypt came to our rescue?

Did anyone else notice how setting up a letsencrypt.org certificate for a domain became a lot easier as this year went on? Certbot + automatic renewal was set up in four commands on my RasPi, I remember it being more difficult to set everything up 🤔

First off murphy is a bitch. Week started off good, nothing bad happening then friday night came and i get an email about a site being down. Ok check it out real quick, cert is expired. No real big deal just a 20 minute fix, didn't bother me that i didn't get an expiry alert. Now is where murphy decided to be the biggest fucking bucktoothed cocksucker, generate a csr for a wildcard domain using an existing key and sent it off when i get it back the private key doesn't match the cert. Again ok maybe i fucked up, generate a selfsigned cert no fucking problem. Contact support to see if they have an idea. Oh now is when it gets fun, the fucking dumbass preceded to tell me how i didn't know what i was doing and how i just had to generate a csr and private key at the same time after i explained to the bastard that I've already tested it with a selfsigned cert. (How does this fucker have a job) By now apparently i was pissed off enough to scare murphy's pansy ass away cause i told the fucker to refund my money, got a list of 30 subdomains and setup letsencrypt on it. Now the part on this that is fucking hilarious is that it took me damn near 24 hours to be called a fucking idiot from a guy that doesn't know his ass between a hole in the fucking ground and 30 minutes of being pissed off more than i have been since i took anger management classes in the 9th grade to say fuck it and switch.

Well. Fuck.

A sunny monday morning. The sun almost glimpsing over the horizon. I'm on my way to the office, taking a breath of fresh cool air. It is infused by the scent of sweet pastries.

I reach the office, but something is different. Why is the door slightly opened? Carefully I grab the door handle. I do my first step past the doorframe and wooosch. Thick and sticky stuff is running done my spine, finding it's way through my clothes. I feel so un-fucking-believably dirty in this very moment.

This should give you an impression how I felt when I had to change a DNS record in this completely broken setup for just a matter of seconds until the letsencrypt client renewed the certificate.

I'm feeling seriously dirty.

What's up with almost every other site having invalid ssl certs, even though they are signed with a future date and by LetsEncrypt, did chrome again distrust a batch?

Am I bad? I charged a client for an SSL Certificate and installation, but just used LetsEncrypt instead, cost me fuck all.

letsencrypt I love you!

When nginx decides to just NOT answer to any IPv4 requests, áfter 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..

self::facepalm();

I dug up my old ledger web app that I wrote when I was in my late twenties, as I realized with a tight budget toward the end of this year, I need to get a good view of future balances. The data was encrypted in gpg text files, but the site itself was unencrypted, with simple httpasswd auth. I dove into the code this week, and fixed a lot of crap that was all terrible practice, but all I knew when I wrote it in the mid-2000s. I grabbed a letsencrypt cert, and implemented cookies and session handling. I moved from the code opening and parsing a large gpg file to storing and retrieving all the data in a Redis backend, for a massive performance gain. Finally, I switched the UI from white to dark. It looks and works great, and most importantly, I have that future view that I needed.

Letsencrypt released ACMEv2! Now support for wildcards!

Do you still charge your clients extra for HTTPS being it’s practically a requirement now for SEO purposes?

➡️ Started searching and reading the MailChimp docs.
⬅️ Ended reading the letsencrypt docs about CAA-Records. 🙈

Does anybody knows if letsencrypt SSL works with Cloudflare or not?
Because I'm unable to use letsencrypt SSL while using free version of Cloudflare :(

Last weekend I was working on a small project for a friend of mine: a dockerized webapp, plus API backend and DB. I had some problems with the installation on the vps and had to try out different images and never really did a complete setup of my usual dotfiles. Got it running on an Ubuntu distro. Everything great.
It was the first release so I still had to check that every configuration worked ok, like letsencrypt companion container, the reverse proxy and all that stuff, so I decided to clone the whole project on the server tho make the changes there and then commit them from there.
Docker compose, 10 lines of code, change the hosts and password. Boom everything working. Great... Except for the images in the webapp.

WTF? Check the repo, here they are, all ok. I try different build tactics. Nothing. Even building the app on another docker always the same. Checked browser cache, all the correct ports are open. I even though that maybe react was still using some weird websocket I didn't know, but no.
Damn, I spent 5 hours checking why the f*** the server wouldn't make it out.

Then, finally, the realization...

I didn't install the f******* git-lfs plugin and all I was working with were stupid symbolics links! Webpack never even throw an error for any of the stupid images and the browser would only show a corrupted image, when decoding the base64 string.

Literally the solution took 5 minutes.
F*** changes on production, now I do everything on a fully automated CI.

Been trying to learn Docker when I hit a brick wall. How do I use nginx reverse proxy + letsencrypt with multiple containers? I only managed to do it with a single container. Using docker-compose or stuff like that I guess?

!help

Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?

I've got the cert generated and Apache to serve it but it's giving me errors.

I need to bind it in azure somehow but I can't figure out how to export the cert.

My DNS provider does not have an API. They do have one... That is wrong... But on the description page, they say we have to open a ticket to be given access. No requirements. Nothing...

And then I am told "they do no longer offer dns for private hosting". I don't even host with them, I only have a domain with them.

But the magical word is no longer. That means they did offer it. In the description of the API it still says "and for everyone who feels comfortable interacting with a REST API." Oh, and they asked anyone who works on it to be so nice and share any SDK's they might have coded up. Would have shared my SDK. Would have... If no Rust SDK was available yet.

So, what the fuck...
The problem with that is that I need a wildcard certificate for my homelab with DNS validation. So, I need to dynamically set a txt record. Now I wonder... Was this done on purpose? They are selling wild card certificates. Letsencrypt are giving them out for free. I bet they deactivated it, so they can sell more...

Anyway. Solution time.
Short term: I make my own API with black jack and hookers... And selenium.
Long term: I need to fucking move my domains to a different provider.

But what the fuck... What the fuck?

So, I manage my server with docker containers (nginx-proxy and the letsencrypt-companion). I limit access to some subdomains using basic auth, but I want to use client certificates for convenience.

So my questions to the experts:
1) Do you know a good (and convenient) way to manage client certificates ? This should include revoking certs and allowing specific certs only for specific subdomains.
2) Should I use my letsencrypt CA for this or would a self signed CA better suited?
3) Any things I should be aware of?

So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.