Hacker Newsnew | past | comments | ask | show | jobs | submit | GuyPostington's commentslogin

So what starts?


random bugs


So, nothing new


Here's the boulder CA function that generates serials https://github.com/letsencrypt/boulder/blob/master/ca/ca.go#...


Stable URL for posterity.

https://github.com/letsencrypt/boulder/blob/4184dc3fc997d51e...


You know you could monitor your certs to verify that your client is functioning correctly. There's also notification emails if you provide your email address at issuance time.


This is not super friendly either because even if you identify an issue early there are many rabbit holes of failure, ratelimiting, and tool integration, that make it a PITA to deal with.

Being good at catching errors doesn't soften the blow of the errors being so readily occurring in the first place.


> Being good at catching errors doesn't soften the blow of the errors being so readily occurring in the first place.

Yes it does. If you can see the errors you can change your usage pattern or request a rate limit override. Flying blind is the worst way to go!


Ways to monitor for cert expiry in no particular order:

1) Prometheus + blackbox_exporter https://www.robustperception.io/get-alerted-before-your-ssl-...

2) Sensu/Nagios https://github.com/sensu-plugins/sensu-plugins-http/blob/mas...

3) Openssl in a crontab:

    echo | openssl s_client -connect ${DOMAIN}:443 -servername ${DOMAIN} -verify_hostname ${DOMAIN} 2>/dev/null | openssl x590 -noout -startdate -enddate


You're funny.


The parent stated that you can run your own DNS server temporarily for the cost of the hardware to run the server and shut the DNS server off after the certificate has been issued. The cost is basically free.


You should check out https://community.letsencrypt.org and ask for help there!


Here you go, read the source. https://raw.githubusercontent.com/letsencrypt/website/master...


Thank you


Can you give some more insight on what happened to the team managing openssl during that time? I remember being on-call at a job when the news dropped.


This is the internet as I remember it.


Alas, we're not spring chickens anymore... But isn't nostalgia a great feeling? (Frontpage was my very first introduction to a WYSIWYG editor.)


:)


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: