Are you still paying for SSL certificates? We can help save you money by using Let’s Encrypt, an offering from the Internet Security Research Group. It’s a free (as in free beer), open source (free as in freedom) project which aims to bring security to more websites.
Contact us if you need help saving money on your SSL certs!
- Linux: certbot –apache.
- Don’t forget it you use www and not, you need to register both
- What about wildcard certs?
- You can totally do wildcard certs, but instead of just doing the acme HTTP request, they want to check a TXT DNS record to ensure you own the domain. Makes perfect sense. The problem is that every 90 days you’d have to create a new entry for renewal. Solution? API!
- Some providers have good APIs to make it easy to do that. Some (like Namecheap) may only allow you to overwrite your entire record, which means having to replace existing.
- https://github.com/scribe777/letsencrypt-namecheap-dns-auth – be careful using this in production! I wouldn’t cron it, just manually once a quarter as part of maintenance.
- Personally, since I don’t have a need for dynamic subdomains, I just manually create the certs for each subdomain I need, which also makes it easier to revoke without affecting other subdomains.
- LE on IIS? No problem!
- Win Acme: https://github.com/PKISharp/win-acme/releases/latest
- Be sure to move it out of downloads to somewhere permanent, because…
- Creates task scheduled task to run for renewal. (If it’s in Downloads, will possibly get deleted)