Certbot: Difference between revisions
From Freephile Wiki
Add references template |
No edit summary |
||
| Line 2: | Line 2: | ||
== Let's Encrypt == | == Let's Encrypt == | ||
We used to run certificates from StartSSL because they offer free one-year certificates. However, today we upgraded to using 'LetsEncrypt' and our certificates are both more secure and easier to manage. Instead of a "B" grade, we now have "A" grade security. | We used to run certificates from StartSSL because they offer free one-year certificates. However, today we upgraded to using 'LetsEncrypt' and our certificates are both more secure and easier to manage. Instead of a "B" grade, we now have "A" grade security. <ref>https://www.ssllabs.com/ssltest/analyze.html</ref> | ||
[[File:AGrade.png|left|500px]] [[File:BGrade.png|right|500px]] | [[File:AGrade.png|left|500px]] [[File:BGrade.png|right|500px]] | ||
| Line 12: | Line 12: | ||
== Service == | == Service == | ||
Using our [[Ansible]] role, we can install the certbot client. Then we can install as many certificates as needed; plus setup an automated job which will renew them | Using our [[Ansible]] role, we can install the certbot client. Then we can install as many certificates as needed; plus setup an automated job which will renew them. | ||
Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | |||
== With HAProxy == | == With HAProxy == | ||
