Finally moving to LetsEncrypt with HAProxy, Varnish, and Nginx


#1

Poor StartCom. Since 2009—ever since I read Glenn Fleishman’s Ars piece on how to get free SSL/TLS certificates—StartCom has been my go-to for certs. Most welcome has been StartCom’s pricing on wildcard certs (that is, certificates for *.yourdomain.com, allowing you to use a single certificate for everything, if you desire). While other certificate authorities charge rigoddamndiculous prices for individual wildcard certs, StartCom gives you unlimited wildcard certs for the price of a single $60 identity validation (yes, you read that correctly). It has always been and remains an unbeatable deal. Literally. No one else comes close. Buying wildcard certs w/StartCom felt like I’d discovered an Internet cheat code.

Read the rest of this blog entry…


#2

So, this means the website will work, right? Because my brain went all tl;dr when it saw all those words… :wink:


#3

LMAO, thanks @MSUAlexis


#4

Great article, spent days looking for one that actually works. My only issue is how do you deal with domains with SAN, e.g. domain.tld,www.domain.tld? The letsencrypt side works perfectly but the cat script fails.


#5

I think this may be the appropriate place to put this. TechCrunch reported earlier today that when Chrome 70 is released next week, blocking old certificates goes into effect. Since this site’s now using Let’s Encrypt, we should be good.

I forget. Is it Chrome or Firefox that has the “I know the certificate’s wrong, go there anyway” option? The other makes you go into an exceptions list and specifically add it before you can view the site.


#6

Pretty sure it’s Firefox that lets you do it anyway.