fighting the lack of good ideas
Last year I posted a simple script for keeping your Let’s Encrypt SSL certificates current. In conjunction with my last post sharing the “best” SSL configs you can use with Apache on CentOS, here is the current state of the cron’d renewal script I use. systemctl stop httpd.service systemctl stop postfix ~/letsencrypt/letsencrypt-auto -t -n –agree-tos –keep…
continue “update: keeping your let’s encrypt certs up-to-date” »
In follow-up to previous posts I’ve had about SSL (specifically with Let’s Encrypt), here is the set of SSL configurations I use with all my sites. These, if used correctly, should score you an “A+” with no warnings from ssllabs.com. Note: I have an improved entropy package installed (twuewand). This is adapted from the Mozilla config…
continue “ssl configuration for apache 2.4 on centos 7 with let’s encrypt” »
In my how-to for Let’s Encrypt, I gave an example script that can be called via cron (or manually) which will renew Let’s Encrypt SSL certificates under CentOS 6. If you want to do it on CentOS 7 (which is what I am now running), use the following: cd ~/letsencrypt git pull systemctl stop httpd.service…
continue “automated let’s encrypt ssl certificate renewal on centos 7” »
There’s been quite a bit of excitement surrounding Let’s Encrypt recently – a truly 100% free SSL issuer. Last week I helped a friend of mine get his first Let’s Encrypt certificate generated and configured for his website. One of the things I found incredibly frustrating is that Let’s Encrypt does not have a package…
I noticed I haven’t updated my previous post on keeping my Let’s Encrypt certs updated since building-out a couple new servers. systemctl stop httpd.service /bin/certbot renew –preferred-challenges http-01,dns-01 –must-staple systemctl start httpd.service systemctl restart postfix Not a big change, but one worth making If you haven’t installed certbot yet, you should
After a friend of mine told me he wanted to deploy Jitsi on my main webserver, and me saying “sure”, I decided I wanted to get it up and running on a new server both so I knew how to do it, and to avoid the latency issues of videoconferencing from central North America to…
continue “basic dockerized jitsi deployment with an apache reverse proxy on centos” »
About 2 years ago, I started running Pi-hole as a DNS resolver and ad-blocker. Then last year, I ditched it. After seeing a recent post by Troy Hunt, though, I thought it might be worth revisiting..but I needed a better way to control how it worked. Enter OpenVPN – a service I already run on…