Die maximale Laufzeit von digitalen Zertifikaten für verschlüsselte Verbindungen zu Web- und anderen Servern wird sich künftig drastisch verkürzen. Im Jahre 2029 sind diese statt mit 398 Tagen nur noch mit 47 Tagen Laufzeit ausgestattet.

Zum Artikel: https://heise.de/-10352867?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Warum eigentlich ist #LetsEncrypt so arschig und stellt die Zertifikats-Erinnerungs-Mails ein?
Weil teuer? Echt jetzt?

Oh hey, CAA records really work

Switched one site from paid TLS certificate to LetsEncrypt and forgot to update DNS record. As expected, LetsEncrypt looks at and refuses to issue a certificate if CAA lists other issuer. Nice

"When Let’s Encrypt, a free certificate authority, started issuing 90 day TLS certificates for websites, it was considered a bold move that helped push the ecosystem towards shorter certificate life times. Beforehand, certificate authorities normally issued certificate lifetimes lasting a year or more. With 4.0, Certbot is now supporting Let’s Encrypt’s new capability for six day certificates through ACME profiles and dynamic renewal at:

- 1/3rd of lifetime left
- 1/2 of lifetime left, if the lifetime is shorter than 10 days"

https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs

How to Install #PeerTube on #Ubuntu VPS

This article provides an in-depth guide demonstrating how to install PeerTube on Ubuntu VPS.
What is PeerTube?
PeerTube is a decentralized, federated video hosting platform powered by WebTorrent and ActivityPub. It enables users to self-host video services and interact with other PeerTube ...
Continued https://blog.radwebhosting.com/how-to-install-peertube-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #letsencrypt #opensource #installguide #selfhosting #selfhosted #videostreaming #decentralized #nodejs #vpsguide #fediverse

Okay, #buypass ist dann vielleicht doch keine Alternative für #letsencrypt. Schade eigentlich, aber so ist das eben --> https://community.buypass.com/t/m1yfby4/future-changes-to-buypass-go-ssl

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

Sounds like we’ll need a EU-based alternative to #letsencrypt:

https://thelibre.news/trump-cuts-funding-to-foss-projects/

"Trump cuts funding to FOSS projects

So far he hasn't been successful, but it might simply be a matter of time."

Much earlier than I expected.

How to Install Centmin Mod on #AlmaLinux #VPS (5 Minute Quick-Start Guide) Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it ...
Continued https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #letsencrypt #php #csf #centminmod

Hmmm ... also das #Letsencrypt Module von Plesk hat über die Konsole die Option, einen anderen ACME-Server anzugeben, aber funktionieren tut das nicht. Das SSL-Zertifikat kommt dennoch von Lets Encrypt. Das spricht halt direkt wieder gegen Plesk ;)

Random #SelfHosting tip for any who might be interested:

If you use #GetSSL to get your #LetsEncrypt certs, you'll get four files:

* The key (example.com.key)
* The domain cert (example.com.crt)
* The CA cert (chain.crt)
* The "full chain" cert (fullchain.crt)

Make sure to use the full chain cert, *not* the domain cert, when setting up your server. Otherwise some services will give you "unknown authority" errors.

How to Install Centmin Mod on #AlmaLinux #VPS Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it streamlines the installation and ...
Continued https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #php #centminmod #letsencrypt #csf

#Nextcloud auf einem #RaspberryPi ist sehr tricky, wenn man etwas verändert. Ich hatte sie jetzt einige Tage wunderbar laufen, habe nach langem Recherchieren die #Portfreigabe an der #Fritzbox geändert, um von #Letsencrypt ein SSL-Zertifikat zu bekommen - jetzt sind zwar die Ports offen, aber Zertifikat klappt trotzdem nicht und #Apache läuft auch nicht mehr. Ich steige gerade nicht mehr durch und frage mich, wieviel Zeit ich noch darauf verwenden will. jemand hier mit Erfahrungen?
#unplugtrump

Un Ordine Esecutivo di #Trump blocca i pagamenti all'#OpenTechnologyFund. Da essi dipendono servizi #FOSS critici come #FDroid, #TOR e #LetsEncrypt. Abbiamo bisogno di un impegno serio da parte dell'Unione Europea nello sviluppo di alternative FOSS prima possibile, è seriamente una questione di sicurezza molto più che di principio.
https://www.dday.it/redazione/52530/trump-fara-saltare-il-negozio-open-source-android-f-droid-e-la-rete-tor

Let's Encrypt

In https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719 @aral wants us to pay taxes to keep Let's Encrypt "alive". Here's another reason NOT to do that.

Apparently the *.eu.org domain needed laundrying because it's reputation became too bad. So scammers create zillions of insane domain names and obtain *FREE* (for them) certificates for those sites. Usually such sites are not malicious; they're intended to have virusscanners remove detection, eventually for the sub-TLD ".eu.org".

To see this, you may consider opening
https://crt.sh?q=eu.org
but that will fail because there are WAY too many results.

To restrict the amount of records, try a subdomain name and further restrict output by deduplicating and restricting to not expired, as follows:

https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y

The screenshot below gives an idea (they're all Let's Encrypt certs by the way, and I marked one with an insane domain name).

I wrote about this phenomenon before, e.g. in https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___ (at the time I did not understand why yet).

VirusTotal knows of 72.5K direct subdomains of *.eu.org:

"Subdomains (72.5 K)"

(open the RELATIONS tab in https://www.virustotal.com/gui/domain/eu.org/).

@TheDutchChief @EUCommission @letsencrypt @nlnet