@emaksovalec Yes I am also quite surprised. I did not expect it and I discovered it by chance. I am waiting for the explanation and revocations from #ZeroSSL CA. And it is the first time I realize of the importance of the Certificate Transparency Log #ct to audit these problems.

thanks to a search in the Certificate Transparency Log https://crt.sh I found 14 certifies issued by ZeroSSL the 11st of November to my personal domain and subdomains I did not request... still waiting answer to my revocation request from the support staff of ZeroSSL...

#ct #ca #certificates #zerossl

Anyone know a European alternative to LetsEncrypt?

And I mean: get a free (or very reasonably priced) certificate for a private web site with one or two sub-domains?

#letsencrypt #zerossl #europe #eu #web #hosting

One Open-source Project Daily

A pure Unix shell script implementing ACME client protocol

https://github.com/acmesh-official/acme.sh

#1ospd #opensource #acme #acmeclient #acmeprotocol #ash #bash #buypass #certbot #letsencrypt #posix #posixsh #shell #zerossl

Hmm, ejabberd seems unable to acquire TLS certificates from ZeroSSL, failing on requesting HEAD https://acme.zerossl.com/v2/DV90/newNonce with HTTP error: unexpected content type: application/octet-stream...

Not sure who to report that to.

#XMPP #ejabberd #ACME #ZeroSSL

@mirabilos
I use #zerossl for my web and mail servers.

https://zerossl.com/

I no longer use certbot but acme.sh to generate certificates.

ZeroSSL is the default CA for https://acme.sh/

edit: I fall back to letsencrypt when I need a wildcard cert such as *.domain.tld

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

🔒 Secure your Site!

Spookhost now supports Let's Encrypt and ZeroSSL for your SSL certificates! 🎉 Head to our Client Portal to get started. We're still working on some features, but we're excited to bring you this update! #Spookhost #SSL #LetsEncrypt #ZeroSSL #WebHosting #Security #NewFeatures #HappyHosting 👻🚀

Spookhost: https://go.spookhost.xyz/home-md

Learn More:
https://hub.spookysrv.com/post/6-announcing-experimental-support-for-acme-tls-cas/

Switching my Caddy server to use ZeroSSL for AMCE SSL certification, replacing LetsEncrypt, was as easy as adding this to my Caddyfile:

{
    acme_ca https://acme.zerossl.com/v2/DV90
}

#CaddyServer #Caddy #SSL #ACME #LetsEncypt #ZeroSSL

@jpmens what are other #ACME providers except of @letsencrypt and where are they located?

@european_alternatives lists only one (#BuypassGoSSL) so far:
https://european-alternatives.eu/category/acme-ssl-certificate-providers

#ZeroSSL itself seems to be Austria-based, but is a subsidiary of HID Global (Texas, US) which again is a subsidiary of ASSA Abloy (Sweden), so it being independent from US-shenanigans is not quite clear.

We should probably start shipping a "ca-certififcates-eu" package in distributions...

Someone removed the IPv6 address on acme.zerossl.com and my renewals did not work.

If anyone face this issue use 2a0e:ac00:c7:d450::5bc7:d450 and it works.

Got the IP from https://github.com/acmesh-official/acme.sh/issues/4088

#IPv6 #ssl #acme #zerossl

finally my #nextcloud deploy & provisioning project is done and deployed managed by using #packer #terraform #hetzner #ansible #RockyLinux #GitLabCICD #backup + #restore later I'll change cert from #letsencrypt to #zerossl provider :catjam:

So, 80-90% of the web is encrypted nowadays. This is wild. Many thanks to #letsencrypt and others #acme providers like #zerossl

Can we now go ahead and also sign / encrypt email with free s/mime?

#TIL #Caddy is not only a great general-purpose #http server with automatic #https handling (via #letsencrypt and #zerossl). It also has a layer 4 module that can make it terminate #tls for arbitrary #tcp services and still handle certificates automatically. I just used it to tls-terminate a #redis db and it works like a charm!

https://github.com/mholt/caddy-l4

#Letsencrypt is handy.
Well, no.
Letsencrypt is the unrivaled corner stone for a free web.

However, it lacks the ability to generate certificates for IP addresses without domain names.

#ZeroSSL permits this in its free tier, and works quite perfectly.

@rmbolger @ainmosni Hmm, #ZeroSSL might be worth a look for #TLS certificates, they seem to be based in Germany.

And it looks like someone's done the the hard work of integrating it with #Traefik: https://www.spad.uk/posts/get-free-zerossl-certs-using-traefik/

Morgen!

Wechsel von #letsencrypt zu #zerossl

Ja, mag kein wildes Ding sein.
Für mich, mit nur gefährlichem Halbwissen, aber schon. 😑

Is #ZeroSSL broken right now? I've been waiting for my renewed #TLS / #SSL #certificate to be issued for hours ​:SanaeConfuzzled:​

#letsencrypt #HTTPS #ACME