Re: update-ca-certificates

To: debian-user@lists.debian.org
Subject: Re: update-ca-certificates
From: jeremy ardley <jeremy.ardley@gmail.com>
Date: Thu, 14 Dec 2023 09:34:37 +0800
Message-id: <[🔎] 5875420e-d9ea-43fe-8df4-6ac6220d15b9@gmail.com>
In-reply-to: <[🔎] 8f940077-1197-451e-b765-5da729479811@columbus.rr.com>
References: <[🔎] 8f940077-1197-451e-b765-5da729479811@columbus.rr.com>


On 14/12/23 08:54, Pocket wrote:

I have just finished writing some scripts to generate certs for myemail server and nginx server.
The scripts allow me to become my own CA.

You don't have to be your own CA. It's very easy to use letsencrypt togenerate valid certificates for hosts even if they are not directlyconnected to the internet.

In my case I use letsencrypt for certificates for nginx, dovecot, andpostfix. They all use the same certificates maintained byletsencrypt/certbot by linking to it in their configuration,

letsencrypt/certbot manages all the certificates and necessary renewalsusing cron jobs at regular intervals.

The situations where you still need to be your own CA are forapplications like OpenVPN and certificates for ssh servers and clients

Reply to:

Follow-Ups:
- Re: update-ca-certificates
  - From: Pocket <pocket@columbus.rr.com>
- Re: update-ca-certificates
  - From: Charles Curley <charlescurley@charlescurley.com>

References:
- update-ca-certificates
  - From: Pocket <pocket@columbus.rr.com>

Prev by Date: Re: update-ca-certificates
Next by Date: Re: broadcast error messages, unofficial Debian 12
Previous by thread: Re: update-ca-certificates
Next by thread: Re: update-ca-certificates
Index(es):
- Date
- Thread