#acmesh — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #acmesh, aggregated by home.social.
-
@monotux thanks for the tip 🙂 (or: reminder... IIRC I stumbled upon #smallstep after reading @jwildeboer writing about step-ca and forgot to test it).
For the Molecule Continuous Integration embedded in my #Ansible #acmesh collection, pebble was/is charming as it is *really really really* simple to set up and small.
But I will consider replacing #pebble with smallstep, as it would let me gain Smallstep experience that I could potentially reuse for other (production) use cases.
-
TIL (today I learned): @letsencrypt has a neat little project for running a test CA for the ACME protocol called Pebble.
https://github.com/letsencrypt/pebble
https://letsencrypt.org/2025/04/30/pebbleacmeimplementation
I just wired it into the tests for the foundata.acmesh #Ansible collection inside each #Podman
container to test the webroot challenge end-to-end across all platforms without requiring external infrastructure:
-
Certbot doesn't define CN by default which is required by pgBackRest and OpenVPN as of today. I tried to use a CSR but Certbot doesn't automatically renew those certificates making certbot pointless. I'm now using acme.sh and it just works https://github.com/acmesh-official/acme.sh
-
TLS auto-renewal breaks too
Feed text: For many years the information security industry has been trying to improve encryption standards on the web in two ways: the mass adoption of HTTPS as a common encryption standard for all sites, even those that formally do not need protection. A great deal of time was spent convincing users of the importance of total encryption of absolutely all communications; shortening the terms for which SSL/TLS certificates are issued, to encourage users to adopt automated procedures/scripts for certificate auto-renewal, to eliminate the "human factor" and the forgetfulness of sysadmins who forget to replace certificates. But sometimes that is not enough. Unfortunately, automated certificate renewal scripts can break too.
https://habr.com/ru/companies/globalsign/articles/988804/
#tls #certificate #acme #letsencrypt #encryption #certbot #acmesh #dns #bazel
-
🚀 New Release: #Ansible collection foundata.acmesh 1.2.1 🎉
🔐 Rootless service user, configurable storage paths
⏱️ Auto certificate renewal via systemd
📦 Pre-seed cert upload to avoid CA rate limits
Project: https://foundata.com/en/projects/ansible-collection-acmesh/
Examples: https://github.com/foundata/ansible-collection-acmesh/tree/main/roles/run#examples
Galaxy: https://galaxy.ansible.com/ui/repo/published/foundata/acmesh/
-
Decided to turn this Toot (https://mastodon.eddmil.es/@iMeddles/115250286127637292) into a blogpost, with a slightly overly grumpy title. This details why I think acme.sh uses an insecure default, how people using acme.sh should remedy this, and why (despite the title) it's probably not *that* big of a deal:
-
TiL that #acmesh, unlike just about any other #acme client I've used, doesn't rotate the private key at renewal by default. And by "TiL" I meant "just had to spend 20 mins reconfiguring a bunch of servers to do it correctly". That'll teach me to read the docs closer and not make assumptions. (I won't learn the lesson of course, but it'll teach me anyway)
-
For Home Assistant, the Let's Encrypt add-on can be used to create your own SSL certificate to secure communication between the server and the clients.
-
Let's Encrypt is discontinuing the @-notification for expiring certificates.
A wonderful reason to automate the whole process for your own systems with acme.sh.
An example: for your own Nextcloud, the switch is made from Certbot to acme.sh.
-
In case you are interested how I solved having a publicly signed SSL certificate for a home server not connected to the Internet, here is what I did:
The downside: there seems to be no way without having a registered domain. It took me unnecessary time to accept this. The upside: taking the step to get yourself a domain is simpler and cheaper than I was aware of and with the right tool, the rest was easy enough.
-
New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS
The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.
#AcmeSh #Docker #GandiLiveDNS #LetSEncrypt #PGP #SaltStack #engineering #security #sysadmin #tip
-
Getting a letsencrypt wildcard certificate with acme.sh
Getting wildcard certificates with acme.sh and DNS authorization via Cloudflare. + Working scripts.
https://habr.com/ru/articles/845954/
#acmesh #letsencrypt #acmedns #cloudflare #wildcard #domains