Ben Sturmfels

certbot renew

Ben Sturmfels at

Wow, just learnt about certbot renew, which renews all your certificates at once. Too easy! Just joined EFF as a paid member.


I doubt it would handle multiple domains on the same server and more complicated config files where not everything is a "platform"



still somewhat iffy about ssl ..

sure dns might have known issues but it still looks a hell of a lot more stable than anything to do with ssl ever looked and after seeing an exploit happen in front of my eyes a few months ago where a browser showed me a spoofed site DESPITE dns results being correct (changing to http in the url went to the real site) I'm now rather suspicious of the tls push.


browsers are nowadays so full of holes I don't think I can trust anything but the bare basics if even that

Michael at 2017-02-13T03:12:00Z

@Michael There are obviously some flaws with the model of "trust these centralised certificate authorities to do the right thing", but TLS/SSL is an essential security measure to make surveillance and fraud expensive to attackers. Sure, browsers do have bugs sometimes, but that doesn't devalue the system as a whole.

For what it's worth, certbot renew does happily handle multiple domains on the same server - that's how I'm using it.

Ben Sturmfels at 2017-02-14T02:01:42Z

anyway I think the first time I would want to do it manually, to make sure I get to know what goes where ..


also need to consider multiple servers ..

(nginx is in front) - might need some care to get configs right, and also rewrite rules to consider (other stuff using /.well-known paths - webfinger/etc)

Michael at 2017-02-17T21:10:26Z
