LE's short expiry is the primary reason why I don't use it. Yes, I know, automation is the approved solution for this, but it's not a great solution for me.
LE's short expiry is the primary reason why I don't use it. Yes, I know, automation is the approved solution for this, but it's not a great solution for me.
Agreed, when the tools stop working (which, they do) then suddenly what was swapping out a file instead becomes a big ordeal with fighting nginx .well-known bypass or trying to figure out why lets encrypt can't connect via IPv6 but everything else seems to be able to or, in my case, when certbot-auto stopped working and had no upgrade path on oBSD.
my blog and personal website are down for this reason, I simply can't spend half-a-day at this point in my life figuring out how to do this on OpenBSD. So I'd rather just leave it dead at this point.
Guess I could just buy an SSL certificate still, maybe I do that tonight.
I use DNS-01. In fact, it's the only way I can do it as LE doesn't have access to my internal setup.
And buying an SSL cert only gives you 368 days in Chrome / Apple browsers: https://support.apple.com/en-us/102028
DNS-01 is awkward with multiple TLDs and providers for a site.
For me it’s like;
'DNS Alias Mode', eg https://dan.langille.org/2019/02/01/acme-domain-alias-mode/