Hmm, ejabberd seems unable to acquire TLS certificates from ZeroSSL, failing on requesting HEAD https://acme.zerossl.com/v2/DV90/newNonce with HTTP error: unexpected content type: application/octet-stream...

Not sure who to report that to.

#XMPP #ejabberd #ACME #ZeroSSL

@mirabilos
I use #zerossl for my web and mail servers.

https://zerossl.com/

I no longer use certbot but acme.sh to generate certificates.

ZeroSSL is the default CA for https://acme.sh/

edit: I fall back to letsencrypt when I need a wildcard cert such as *.domain.tld

I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.

And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.

I think I'm in love..

🔒 Secure your Site!

Spookhost now supports Let's Encrypt and ZeroSSL for your SSL certificates! 🎉 Head to our Client Portal to get started. We're still working on some features, but we're excited to bring you this update! #Spookhost #SSL #LetsEncrypt #ZeroSSL #WebHosting #Security #NewFeatures #HappyHosting 👻🚀

Spookhost: https://go.spookhost.xyz/home-md

Learn More:
https://hub.spookysrv.com/post/6-announcing-experimental-support-for-acme-tls-cas/

Switching my Caddy server to use ZeroSSL for AMCE SSL certification, replacing LetsEncrypt, was as easy as adding this to my Caddyfile:

{
    acme_ca https://acme.zerossl.com/v2/DV90
}

#CaddyServer #Caddy #SSL #ACME #LetsEncypt #ZeroSSL

@jpmens what are other #ACME providers except of @letsencrypt and where are they located?

@european_alternatives lists only one (#BuypassGoSSL) so far:
https://european-alternatives.eu/category/acme-ssl-certificate-providers

#ZeroSSL itself seems to be Austria-based, but is a subsidiary of HID Global (Texas, US) which again is a subsidiary of ASSA Abloy (Sweden), so it being independent from US-shenanigans is not quite clear.

We should probably start shipping a "ca-certififcates-eu" package in distributions...

Someone removed the IPv6 address on acme.zerossl.com and my renewals did not work.

If anyone face this issue use 2a0e:ac00:c7:d450::5bc7:d450 and it works.

Got the IP from https://github.com/acmesh-official/acme.sh/issues/4088

#IPv6 #ssl #acme #zerossl

finally my #nextcloud deploy & provisioning project is done and deployed managed by using #packer #terraform #hetzner #ansible #RockyLinux #GitLabCICD #backup + #restore later I'll change cert from #letsencrypt to #zerossl provider :catjam:

So, 80-90% of the web is encrypted nowadays. This is wild. Many thanks to #letsencrypt and others #acme providers like #zerossl

Can we now go ahead and also sign / encrypt email with free s/mime?

#TIL #Caddy is not only a great general-purpose #http server with automatic #https handling (via #letsencrypt and #zerossl). It also has a layer 4 module that can make it terminate #tls for arbitrary #tcp services and still handle certificates automatically. I just used it to tls-terminate a #redis db and it works like a charm!

https://github.com/mholt/caddy-l4

#Letsencrypt is handy.
Well, no.
Letsencrypt is the unrivaled corner stone for a free web.

However, it lacks the ability to generate certificates for IP addresses without domain names.

#ZeroSSL permits this in its free tier, and works quite perfectly.

@rmbolger @ainmosni Hmm, #ZeroSSL might be worth a look for #TLS certificates, they seem to be based in Germany.

And it looks like someone's done the the hard work of integrating it with #Traefik: https://www.spad.uk/posts/get-free-zerossl-certs-using-traefik/

Morgen!

Wechsel von #letsencrypt zu #zerossl

Ja, mag kein wildes Ding sein.
Für mich, mit nur gefährlichem Halbwissen, aber schon. 😑

Is #ZeroSSL broken right now? I've been waiting for my renewed #TLS / #SSL #certificate to be issued for hours ​:SanaeConfuzzled:​

#letsencrypt #HTTPS #ACME

ZeroSSL: How to Secure Your Website with a Free SSL Certificate
https://linuxiac.com/zerossl-how-to-install-ssl-certificate/

#linux #opensource #zerossl #ssl #certificate #security

Is there any reason you might want to use #ZeroSSL or Google Trust Services instead of #LetsEncrypt? #ACME

Who is surprised that #letsencrypt/acme.sh fails together with ZeroSSL when you use

$ acme.sh --register-account -m user+detail@do.main

for your email address...
Maybe if I find time I go digging around, I'd almost assume this falls over somewhere at #ZeroSSL, but the log-file is inconclusive so far.

[ ] me

If you know anyone using #ZeroSSL they're at risk of having their private cert keys stolen: ZeroSSL: XSS leading to session hijacking, stealing a private key (and a password hash) https://groups.google.com/a/ccadb.org/g/public/c/kqtoGeEv5Fc

Took me a while, but I finally finished my first tutorial. Hope it's useful for someone:

Self-hosted Adguard Home, DoT and SSL certificate on Android.

https://blog.catfluori.de/2023/01/13/self-hosted-adguard-home-dot-and-ssl-certificate-on-android/

Feel free to comment on it, to report issues and suggest improvements. Enjoy :-)

#Android #AdGuardHome #DNS #DNS-over-TLS #Linux #ZeroSSL

After struggling for days to make #AdGuardHome #DoT server work on #Android ("can't connect"), I have discovered that the problem lies in some features of #LetsEncrypt certificates which sometimes don't play well with Android. Using a cert form #ZeroSSL solved the problem instantly.