[SFS] MatterMost is encrypted!
Scelza, Jeffrey B
Jeffrey.Scelza@charter.com
Tue, 24 Jan 2017 05:23:35 +0000
I did find out that it does do a 'SAN' cert that can be extended on the fly by just adding another -d option. I don't have it completely automated yet, but I am working on using certbot within a docker sidekick to extend the certificate as our feature branch environment creation occurs. (I.e. Environment per develop branch)
FYI: Here is the command I used to do the auto renew each month.
$ cat /etc/cron.monthly/letsencrypt
#!/usr/bin/env bash

cd /opt/certbot
./certbot-auto renew --webroot \
    --noninteractive \
    -w /app/dev/spectrometer/dist \
    --post-hook "service nginx reload"

From: Aaron Brown <aayore@gmail.com>
Date: Monday, January 23, 2017 at 3:11 PM
To: "David L. Willson" <DLWillson@TheGeek.NU>
Cc: CTG User <jeffrey.scelza@charter.com>, sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
Subject: Re: [SFS] MatterMost is encrypted!

Unfortunately, it does not. But since it's free and automated, you can get a cert for each individual service.

David L. Willson <DLWillson@TheGeek.NU>
January 23, 2017 at 3:03 PM
Does Let's Encrypt do wildcards? Maybe I should have used it after all.
Sent from my Verizon, Samsung Galaxy smartphone
-------- Original message --------
From: Aaron Brown <aayore@gmail.com>
Date: 1/23/17 14:55 (GMT-07:00)
To: "Scelza, Jeffrey B" <Jeffrey.Scelza@charter.com>
Cc: "David L. Willson" <DLWillson@thegeek.nu>, sfs <sfs@thegeek.nu>, "David L. Willson" <dlwillson@sofree.us>
Subject: Re: [SFS] MatterMost is encrypted!

I thought Let's Encrypt was still called Let's Encrypt, and CertBot is just a client to perform the automation for you. Either way, I agree that it's really easy once you get it set up. Lower ongoing administrative burden and all that.
A note about Symantec:
http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/
I haven't had any trouble with browsers trusting Let's Encrypt certs.
https://letsencrypt.org/docs/certificate-compatibility/
Since Mozilla, Chrome, Facebook, etc. are all major sponsors, it seems like they're pretty well-established at this point.
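
Added example, not part of the original thread and not certbot's own code: when a SAN certificate is extended for a new per-branch environment, certbot re-issues it for the full name list (every existing name plus the new one, with --expand), so automation has to read the current names and validate the branch-derived hostname before it reaches a command line. The function names, hostnames and webroot path below are assumptions made for illustration; the script prints the command for review rather than running it.

```shell
#!/bin/sh
# Added example: print the certbot command that re-issues a SAN certificate
# with one more hostname. All hostnames and paths here are constructed.
LC_ALL=C; export LC_ALL    # make [a-z] ranges ASCII-only
MAX_NAMES=100              # Let's Encrypt limit on names per certificate

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and
# print one DNS name per line.
san_names() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Accept only plain lowercase hostnames, so a branch-derived name cannot
# carry options or shell metacharacters into the command line.
valid_hostname() {
    case $1 in ''|*[!a-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$'
}

# expand_command WEBROOT NEW_NAME  (current SAN text on stdin)
# Returns 1 for a rejected name or path, 2 if NEW_NAME is already on the
# certificate, 3 if the certificate would exceed MAX_NAMES.
expand_command() {
    ec_webroot=$1 ec_new=$2 ec_args='' ec_count=1
    case $ec_webroot in /*) ;; *) return 1 ;; esac
    case $ec_webroot in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    valid_hostname "$ec_new" || return 1
    ec_names=$(san_names)
    while IFS= read -r ec_name; do
        [ -n "$ec_name" ] || continue
        [ "$ec_name" = "$ec_new" ] && return 2
        valid_hostname "$ec_name" || return 1
        ec_args="$ec_args -d $ec_name"
        ec_count=$((ec_count + 1))
    done <<EOF
$ec_names
EOF
    [ "$ec_count" -le "$MAX_NAMES" ] || return 3
    printf 'certbot certonly --webroot -w %s --non-interactive --expand%s -d %s\n' \
        "$ec_webroot" "$ec_args" "$ec_new"
}

# Constructed sample of the openssl output for a two-name certificate.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:dev.example.test, DNS:feature-login.dev.example.test'

printf '%s\n' "$SAMPLE_SAN" | expand_command /var/www/acme feature-search.dev.example.test
```

Return code 3 matters for the environment-per-branch setup: once the name list reaches the per-certificate limit, a new branch needs its own certificate instead of another -d.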