Toot

Written by stf on 2025-01-29 at 14:20

ohno, #letsencrypt is ending notification emails? time to write my own monitoring and notification service? or is there already a free software based one?

https://letsencrypt.org/2025/01/22/ending-expiration-emails/


Descendants

Written by Dr. Christopher Kunz on 2025-01-29 at 14:27

@stf Honest question: Why write a notification service? Just let certbot et al. automate the renewal and be done with it?

If you can't automate renewal for some reason, most popular monitoring software should have a function for this, e.g. icinga: https://icinga.com/docs/icinga-2/latest/doc/10-icinga-template-library/#http


Written by stf on 2025-01-29 at 14:42

@christopherkunz because in my setup the renewal is compartmented from the servers that use the certs, and there is no way for them to restart/reload them. a human is needed to jump the gap. this icinga thing also looks like something that brings more attack surface than utility, it sure can do monitoring, but at what supply chain and other attack surface cost?


Written by Dr. Christopher Kunz on 2025-01-29 at 15:17

@stf You don't need to run a public-facing instance of any monitoring tool to check certificate validity, you can just run the check tools independently.

Also, you can do this easily just by using the openssl cli, e.g. https://gist.github.com/cgmartin/49cd0aefe836932cdc96

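The standalone openssl check suggested in the reply above could look like the following. This is an added example, not code from the thread or from the linked gist; the function names, the 21-day default and the host `example.test` are assumptions.

```shell
#!/bin/sh
# Added example. Function names, the 21-day default and example.test are assumptions.

# Classify the PEM certificate on stdin by remaining lifetime.
# Status: 0 = ok, 1 = expires within WARN_DAYS, 2 = expired, 3 = not a certificate.
check_cert_expiry() {
    warn_days=${1:-21}
    pem=$(cat)
    # Parse first, so a failed fetch or empty input is never reported as "ok".
    printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1 || return 3
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 2
    printf '%s\n' "$pem" | openssl x509 -noout -checkend $((warn_days * 86400)) \
        >/dev/null 2>&1 || return 1
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for $1 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=example.test" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# Against a live service, feed the served certificate in instead (hypothetical host):
#   openssl s_client -connect example.test:443 -servername example.test </dev/null 2>/dev/null \
#       | check_cert_expiry 21

tmp=$(mktemp -d)
make_sample_cert 10 "$tmp/cert.pem"
for days in 5 21; do
    rc=0
    check_cert_expiry "$days" <"$tmp/cert.pem" || rc=$?
    echo "10-day certificate, ${days}-day threshold: status $rc"
done
```

Run from cron on a separate host, a non-zero status is the signal to notify the human who deploys the renewed certificate.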

Written by stf on 2025-01-29 at 15:20

@christopherkunz true, that shell gist is nice. thx!


Written by Dr. Christopher Kunz on 2025-01-29 at 15:21

@stf also, if OpenSSL had a GUI...


Written by Joost van Baal-Ilić on 2025-01-29 at 14:41

@stf time to finally start with rollout of https://github.com/dehydrated-io/dehydrated is my plan now.


Written by tyil on 2025-01-30 at 09:21

@stf@chaos.social I have no clue how sending email is this expensive for them, but I do find "let's just not store user data" to be a compelling reason.
