Difference between revisions of "Certbot"
Jump to navigation
Jump to search
(Add references template) |
|||
| Line 2: | Line 2: | ||
== Let's Encrypt == | == Let's Encrypt == | ||
| − | We used to run certificates from StartSSL because they offer free one-year certificates. However, today we upgraded to using 'LetsEncrypt' and our certificates are both more secure and easier to manage. Instead of a "B" grade, we now have "A" grade security. | + | We used to run certificates from StartSSL because they offer free one-year certificates. However, today we upgraded to using 'LetsEncrypt' and our certificates are both more secure and easier to manage. Instead of a "B" grade, we now have "A" grade security. <ref>https://www.ssllabs.com/ssltest/analyze.html</ref> |
[[File:AGrade.png|left|500px]] [[File:BGrade.png|right|500px]] | [[File:AGrade.png|left|500px]] [[File:BGrade.png|right|500px]] | ||
| Line 12: | Line 12: | ||
== Service == | == Service == | ||
| − | Using our [[Ansible]] role, we can install the certbot client. Then we can install as many certificates as needed; plus setup an automated job which will renew them | + | Using our [[Ansible]] role, we can install the certbot client. Then we can install as many certificates as needed; plus setup an automated job which will renew them. |
| + | |||
| + | Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | ||
== With HAProxy == | == With HAProxy == | ||
