Commits · a4212400ebc901c3b526fcc5cd12c4b31038e16f · Arch Linux / infrastructure

Jul 28, 2024
- certificate: Allow creating legacy certs · 336af094
  Jan Alexander Steffens (heftig) authored 8 months ago
  
  With RSA 4096 instead of ECDSA.
  Verified
  
  336af094
Jul 20, 2024

certbot: Use ECDSA (P-256) certificates, not RSA · fb1f0354

Jan Alexander Steffens (heftig) authored 8 months ago

certbot switched to ECDSA by default about two years ago, following
[recommended practices][1].

We are currently using RSA with 4096 bits, which is extremely slow to
sign. Using ECDSA should give us a nice speedup.

[1]: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29

fb1f0354

Oct 17, 2020

certbot: Disable built-in random-sleep · b0d30dd4

Kristian Klausen authored 4 years ago

certbot by default sleep 1-480 seconds before renewing, to avoid all
people renewing at :00. In our case the logic is is unnecessary as
systemd is handling it (RandomizedDelaySec=24h).

b0d30dd4

May 14, 2019

certbot/nginx: Reload nginx via hook instead of directly in the certbot · 28acf6db

Florian Pritz authored 5 years ago

service

Some machines use certbot, but don't have nginx so we shouldn't force
the reload here.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Verified

28acf6db

Mar 24, 2019
- Refactor certbot into dedicated role · dacb47a7
  Florian Pritz authored 6 years ago
  
  Signed-off-by: Florian Pritz <bluewind@xinu.at>
  Verified
  
  dacb47a7
Sep 21, 2016
- roles/nginx: Add /etc/letsencrypt/hook.d/ system · 55d79567
  Jan Alexander Steffens (heftig) authored 8 years ago
  
  Verified
  
  55d79567
Jun 20, 2016
- Add letsencrypt/certbot stuff · d7d4a083
  Sven-Hendrik Haase authored 8 years ago
  
  Verified
  
  d7d4a083

Admin message