Project

General

Profile

Actions

Task #2115

closed

Request certs from Let's Encrypt for each HTTPS vhost

Added by Guilhem Moulin about 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
High
Category:
-
Target version:
Team - Q1/2017
Start date:
Due date:
% Done:

100%

Tags:

Description

(Cf. floeff's mail on tdf-staff@ and the follow-ups.)

I'm personally not fond of the official ACME client (somewhat bloated, too big attack surface, no privilege separation, etc.)
so I wrote my own earlier this year:

https://tracker.debian.org/pkg/lacme

Let's Encrypt doesn't support wildcards, so the plan would be to have a separate cert for each service. One thing to keep in mind though, is the rate-limiting on Let's Encrypt's ACME server: currently 20 certificates per registered domain, excluding renewals.

https://letsencrypt.org/docs/rate-limits/

Then the next step is to set up 301 redirection from http:// to https:// everywhere :-)


Related issues

Related to Infrastructure - Task #2026: scan sites with observatory.mozilla.orgClosedGuilhem Moulin

Actions
Actions

Also available in: Atom PDF