Josh Ellithorpe
@quest
SSL certificate validity time going down to 45 days by 2027. Better make sure your auto renewal is working. https://github.com/cabforum/servercert/pull/553
2 replies
0 recast
0 reaction
Andrei O.
@andrei0x309
Using managed SSL, for example with Cloudflare proxy, the certificate served will practically be forever valid; you won't need to worry about any renewal process.
1 reply
0 recast
0 reaction
Josh Ellithorpe
@quest
I am more worried about non-web services that don't listen on port 80. For instance, my fulcrum indexer. Rotating certs will require me to switch DNS providers to automate cert rotation. Really a PITA. Not everyone uses certs just for web apps that can easily handle HTTP renewal flows.
1 reply
0 recast
1 reaction
Andrei O.
@andrei0x309
You can use proxied Cloudflare requests for ports other than 80/443; there's a small list of ports available, like 8443 for example, but not all are allowed through the Cloudflare proxy. The Cloudflare proxy supports any kind of content, it doesn't have to be JSON, HTML, etc.; the only requirement is that it not be larger than 100Mb for free. It is also supported to go through a CF tunnel before you go through the proxy (so you can use any port by converting it to a supported port). The CA for managed Cloudflare shared SSL is Google, with Let's Encrypt as backup. So the free proxy will cover 99/100 of use cases and you won't have to worry about SSL, plus you don't directly disclose your server IP as a benefit, plus many other things you can do. I am not shilling for CF here, but you get a lot for free.
1 reply
0 recast
0 reaction
Josh Ellithorpe
@quest
Yeah, totally understand. I was more talking about Let's Encrypt, that doesn't allow HTTP-based renewals on ports other than 80... So in my Kubernetes cluster I would need to set up a DNS-based flow, which has limited provider support in Cert Manager.
0 reply
0 recast
1 reaction