Perl 6 - the future is here, just unevenly distributed

IRC log for #crimsonfu, 2015-08-04

crimsonfu - sysadmins who code

| Channels | #crimsonfu index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
06:41 Azgarech joined #crimsonfu
14:34 Azgarech https://letsencrypt.readthedocs.org/en/latest/using.html#quick-start
14:34 Azgarech let's encrypt is alive
14:37 pdurbin huh. free certs according to https://letsencrypt.org
14:55 dotplus not generally available yet, hopefully September.
14:56 Azgarech the system is already functionnal :)
14:56 Azgarech using the client from the git
14:57 dotplus for arbitrary domains?
14:57 Azgarech and can be use for commercial use also
14:57 Azgarech :)
14:58 Azgarech you can't use wild card so for every subdomain you have do give the command for it
14:58 dotplus huh, that's ahead of schedule and not announced on their blog yet
14:58 Azgarech I just digged around
14:58 Azgarech and tried
14:59 dotplus by "arbitrary", I meant other than the "...only for a pre-approved set of domains" that they mentioned.
14:59 Azgarech the only thing is taht the certificate gived before annoucement can be erased
15:02 Azgarech I gonna try it on my own website
15:02 Azgarech apparently work for .org
15:05 dotplus so I'm not really into the idea of their client manipulating my webserver config directly, since that should be controlled by config mgmt. However, from their FAQ: "Note that automated configuration is not required. It can be disabled if you prefer to configure your server software yourself."
15:05 dotplus do you know whether that's "letsencrypt auth" is for?
15:08 Azgarech it's asking you question
15:08 Azgarech when letsencrypt -d ww.domain.org auth specify directly the domain to take in considération
15:24 Azgarech I gonna try it on my personnal website tonight
15:24 Azgarech if you will want some feedback
15:24 dotplus sure, why not?
15:27 dotplus in the meantime, I looked at it. Seems like the answer to my question is "yes" and I think the command would be: "letsencrypt auth --authenticator standalone www.example.com". It's not clear to me how the ACME challenge/authentication process works, but I guess you *have* to run the command from the machine that DNS resolves as the domain you're asking for a cert from?
15:29 dotplus so I'm not really into the idea of their client manipulating my webserver config directly, since that should be controlled by my config mgmt. However, from the FAQ: "Note that automated configuration is not required. It can be disabled if you prefer to configure your server software yourself." I think the command would be: "letsencrypt auth --authenticator standalone www.example.com". It's not clear to me how the ACME ...
15:29 dotplus ... challenge/authentication process works, but I guess you *have* to run the command from the machine that DNS resolves as the domain you're asking for a cert
15:29 dotplus for
15:29 dotplus bah, mischan
15:30 pdurbin yes, I'll configure security-related stuff myself, thanks
15:34 dotplus right, but if you can give me good cert for free that will be widely accepted, I'll be glad to install it myself:)
15:35 dotplus I'll let crimsonfu what answer I get from the letsencrypt folk, if any.
15:41 Azgarech IMPORTANT NOTES:
15:41 Azgarech - Automatic renewal and deployment has been enabled for your
15:41 Azgarech certificate. These settings can be configured in the directories
15:41 Azgarech under /etc/letsencrypt/configs
15:41 Azgarech :)
15:42 dotplus ouch. get your filthy hands off my keys/certs!
15:43 Azgarech I gonna do it manually
15:52 Azgarech There is a delay to activate the certificate
15:52 Azgarech my website is not veryfied yet
15:57 Azgarech https://coolaj86.com/articles/lets-encrypt-on-raspberry-pi/
15:59 Azgarech We will need to wait september then
17:31 dotplus apparently, we're looking for --authenticator manual for now. It will return a file which must be posted on the server.
17:31 dotplus later there will be DNS challenge so the letsencrypt command  will need to be done on the server itself.
19:44 bene joined #crimsonfu
19:44 bene party people, what's up?
19:47 pdurbin bene: I had something for you but now I forget what it was.
19:49 hydrajump http://www.linuxjournal.com/content/hacking-safe-bash
19:50 hydrajump ^^ a DIY approach to a password manager using bash, gpg
19:50 hydrajump and tar
19:57 pdurbin bene: oh, I know, I was wondering if you listen to metal.
20:02 bene sorta?
20:03 bene http://www.last.fm/user/bpeisenbraun
20:03 pdurbin heh. they were looking for people to be in ghostbusters
20:10 Azgarech joined #crimsonfu
20:28 pdurbin hydrajump: are you using that?
20:30 hydrajump pdurbin: no I use 1Password
20:41 pdurbin ah. ok. I use a symmetrically encrypted file
21:27 JoeJulian I use keepass. I like the ability to use the same file across all my devices.
21:30 JoeJulian @apt
21:31 JoeJulian @repo
21:31 JoeJulian and it helps if I'm in the right channel for that...

| Channels | #crimsonfu index | Today | | Search | Google Search | Plain-Text | summary

crimsonfu - sysadmins who code