Collaborate Disseminate
Let’s Encrypt offers free TLS certificates, including wildcard certificates. Is there ever a reason to pay for a certificate? Is it just "we have to pay for everything so we can sue someone if something breaks" corporate policies… Continue reading Why does anyone not use Let’s Encrypt?
Inspired by this comment from Can DDNS provider perform a MITM attack?, I was wondering if there is an automated way to check the Certificate Transparency logs for malicious/unexpected certificates.
For example, if I run some ACME client o… Continue reading Comparing ACME client logs against Certificate Transparency logs
When generating a certificate what would more secure – generating a self-signed certificate using PGP or using a public CA like Let’s Encrypt? We are using it for signing and encrypting.
What are the advantages and disadvantages?
Continue reading Are self-signed certificates better for local usage?
I’m trying to understand openssl and some cert issues I was trying to track down. These certs were issued from Let’s Encrypt. I will use their site as an example because I see the same behavior there. First, I run openssl (OpenSSL 3.0.1 14… Continue reading Openssl and Let’s Encrypt Cert Chain
The ERR_CERT_DATE_INVALID error, I’m sure we’re all familiar with, is below
Visiting the same site from numerous other locations, web clients, etc shows a valid certificate.
It’s issued by let’s encrypt (cert-bot) and auto-renews. Thousan… Continue reading What could cause classic "ERR_CERT_DATE_INVALID" when I can confirm no error from numerous other clients?
this is my first post here in the area of security and encryption. I will try to be succinct, and let you know that I am not an expert in security.
Context: My client (visitor) has an X509 certificate installed on his machine, containing… Continue reading mTLS Client Authentication by Signing Arbitrary Message using Browser
I am getting the error below in trying to renew my certificate from the command line (and thus too from cron). From searching similar error reports, I understand that it means that I initially created a certificate manually and so cannot … Continue reading What does it mean to create a Let’s Encrypt certificate "automatically" rather than manually?
I’m setting up a website on a Centos7 VPS with certbot and let’s encrypt.
I am no expert on network security. I checked to see if my epel-release was pulling certbot from a legit mirror.
I ran yum search epel-release three times back-to-b… Continue reading Certbot installation from cloudfront.net epel-release mirror
I want to attach a valid ssl subdomain to my pfsense. I would check it (with warnings) via my the pfsense’s IP 192.168.11.1 .
I used multiple tutorials to come up with the following:
Bought a domain
Set the domain’s namespace to cloudflai… Continue reading pfsense subdomain timeout with error 522
For my personal use, I bought a domain for internal ssl validation for my pfsense. I was able to get the LetsEncrypt’s ACME script to successfully validate my domain and produce an ssl certificate for a subdomain. I setup my pfsense to use… Continue reading How does DNS-01 validation for LetsEncrypt know what the right IP address is?