Re: update-ca-certificates

[Pocket <pocket@columbus.rr.com>]

On 12/13/23 20:34, jeremy ardley wrote:
> On 14/12/23 08:54, Pocket wrote:
> > I have just finished writing some scripts to generate certs for my 
> > email server and nginx server.
> >
> > The scripts allow me to become my own CA. 
>
>
> You don't have to be your own CA. It's very easy to use letsencrypt to 
> generate valid certificates for hosts even if they are not directly 
> connected to the internet.


I don't want to use letsencrypt, that is a non-starter


> In my case I use letsencrypt for certificates for nginx, dovecot, and 
> postfix. They all use the same certificates maintained by 
> letsencrypt/certbot by linking to it in their configuration,
>
> letsencrypt/certbot manages all the certificates and necessary 
> renewals using cron jobs at regular intervals.


Which is why I don't want to use it.

Don't want to install any more packages or update cron (I have not added 
cron jobs).


> The situations where you still need to be your own CA are for 
> applications like OpenVPN and certificates for ssh servers and clients

On my network I want to control the certs used.

--
It's not easy to be me