Skip to content

Merry Chris-TLS-mas

Just a quick note to wish you, dear reader, a very Happy New Year. As I enter my 11th year of blogging, I hope I will be able to make a little bit more time in 2016 for more regular posts!

Also, I’m pleased to note that thanks to the wonderful folks at the Let’s Encrypt project, the whole of my site is now served over HTTPS. Given my more recent security focus, that was something that was long overdue. I’m very grateful to the Let’s Encrypt project sponsors, as the project offers a solution that provides equal, if not better, verification that traditional Domain Validation TLS certificates, at the cost of precisely zero.

Here’s to 2016!

Like this post?

If you would like to support the time and effort I have put into my tutorials and writing, please consider making a donation.


  1. Very curious to hear what your experience with LE was. Smooth? Easy? Any gotchas?

    Saturday, January 2, 2016 at 01:22 | Permalink |
  2. Peter wrote:

    My configuration, with which I am sure you are rather familiar already (as it is derived from vpmframe), is complex enough that the fully automatic configuration isn’t an option. Another system with a simpler configuration also wasn’t happy with the fully automated config because (I think) CentOS 7 wasn’t supported.

    But, there is a ‘certonly’ option that, combined with a very brief moment of downtime while the LE webserver runs on port 80 to prove your ownership of the domain, simply drops the cert in /etc/letsencrypt. I then just configured the Pound HTTPS terminator to point at the cert in there.

    The caveat is that without the fully automated process in operation, I must do this again before the certificate’s expiry, which is only a few months away. Not a big deal, as long as you make a calendar event and enough advance reminders!

    Wednesday, January 6, 2016 at 20:46 | Permalink |

Post a Comment

On some sites, you must be logged in to post a comment. This is not the case on this site.
Your email address is not made public or shared. Required fields are marked with *.

Posting a comment signifies you accept the privacy policy.
Please note — your comment will not appear straight away, as all comments are held for approval.