The Certificate Authority Browser Forum has officially blessed us with the internet equivalent of mandatory daily dental flossing: SSL certificates that expire every 47 days by 2029. That’s right. The same certificates that currently give you a comfortable 398 days to procrastinate are about to need replacing—to abuse my dental hygiene conceit—more often than your| console.log()
It would be useful to include instructions on upgrading CertSage.php as new versions are released. Maybe upgrading isn't necessary since it seems most improvements are to make it easier for getting the first certificate and not renewals? But, since I don't know, I have upgraded. Just finally figured out how to do that with less work than starting from scratch. With my multiple subdomains and renamed main directory, it just means editing the certsage.php directory line again within the new cop...| Let's Encrypt Community Support
Since Let’s Encrypt started issuing certificates in 2015, people have repeatedly requested the ability to get certificates for IP addresses, an option that only a few certificate authorities have offered. Until now, they’ve had to look elsewhere, because we haven’t provided that feature. Today, we’ve issued our first certificate for an IP address, as we announced we would in January. As with other new certificate features on our engineering roadmap, we’ll now start gradually rolling...| letsencrypt.org
Jan Wildeboer’s thread on setting up a cooperative CA inspired me to finally write down (and then forget about them again for over a week) my thoughts on a related topic: Email encryption. With PGP and S/MIME, we already have two mature solutions for sending encrypted emails that have been around for decades. And while there are a few issues here and there, we can essentially consider the problem solved. If it wasn’t for the UX…| Konstantin Weddige
Tailscale Vanity Domains and TLS| robert.sesek.com
This year we will continue to pursue our commitment to improving the security of the Web PKI by introducing the option to get certificates with six-day lifetimes (“short-lived certificates”). We will also add support for IP addresses in addition to domain names. Our longer-lived certificates, which currently have a lifetime of 90 days, will continue to be available alongside our six-day offering. Subscribers will be able to opt in to short-lived certificates via a certificate profile mech...| letsencrypt.org
Learn how to configure HTTPS for devices in your Tailscale network.| Tailscale
One of the crucial steps in the TLS handshake is for the server to prove its identity to the client. While there is plenty of content explaining the principles of the handshake, there's less informati| www.pixelstech.net
HTMX is a promising technology that simplifies many things when building web applications/systems ... That is great when it comes to local development and simple experiments, but what about Production?| binaryigor.com
cert-manager ACME Let's Encrypt with working catch-all HTTPS redirect, the how and the why| gruchalski.com
Learn how to take source code from users and generate custom URLs using existing building blocks.| OpenFaaS - Serverless Functions Made Simple
Self-hosted, Open Source, Freedom| blog.rymcg.tech
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go| caddyserver.com
cert-manager configuration: ACME HTTP-01 challenges| cert-manager
My blog gets generated with Hugo, which I’m generally happy with. Until recently, I hosted the static files on Netlify but now decided to get my own little server again. There are two main reasons for this: I actually missed doing some sysadmin work. The Internet was supposed to be a federated system and I don’t want to outsource everything to a few tech giants. Operating system choice OpenBSD has always been one of my favorite (server) operating systems, for reasons that are nicely summa...| citizen428.net
)
/ UPDATE (03/30/2021) A bunch of readers have submitted suggestions and changes to both the Rust and the Go code so I've updated them and released new versions as appropriate! I added a section to the bottom of the post so check that out! -- the biggest changes were in the Go-related code. UPDATE (03/26/2021) A reader named Pavel (Pawel) helped out on the Go implementation by using []byte and io.| vadosware.io