
I need to upgrade the SSL certificate, site may be down for a couple of minutes


2020 Jul 3, 3:40pm   489 views  9 comments

by Patrick

Hopefully this will go smoothly and quickly.

I hate these certificates. They are basically a way for the powers that be to control every web site.

Comments 1 - 9 of 9

1   Patrick   2020 Jul 3, 3:42pm  

OK, looks like it worked.

Sorry if anyone couldn't get at the site for that minute or two.
2   FortwayeAsFuckJoeBiden   2020 Jul 3, 3:42pm  

Didn’t even notice, thanks Patrick
3   Patrick   2020 Jul 3, 3:43pm  

Excellent!
4   GNL   2020 Jul 3, 3:56pm  

Why do you need SSL? I thought that was for CC payments.
5   richwicks   2020 Jul 3, 3:58pm  

WineHorror1 says
Why do you need SSL? I thought that was for CC payments.


You need SSL because fuck the government.
6   Patrick   2020 Jul 3, 6:42pm  

If I don't encrypt the connection, then:

- people on the network could see your cookie and become you
- people could alter content in transit
- your boss could see what you are reading or writing if you hit the site from work

But how else to encrypt the traffic? SSL seems to be the only way, and then you are subject to centralized control both by having your certificate revoked, and by the fact that SSL is dependent on DNS, which is also a centralized control scheme.

Maybe there is some other way though. I can imagine it's possible.
7   richwicks   2020 Jul 3, 8:40pm  

Patrick says
Maybe there is some other way though. I can imagine it's possible.


It was intentionally set up to create a monopoly. This is in my crontab:

1 0 * * 0 /usr/bin/certbot renew --rsa-key-size 4096 > /tmp/certbot.txt 2>&1 # check every week to update the certificate

That makes it run once a week, at midnight. Notice my asshole keysize - 4096 is the largest RSA key you can use.

There are other ways to do security. The one I'm working with uses the public key AS the address. There are no updates, of course, to the address, but that's why you use a ridiculously large key.
8   Ceffer   2020 Jul 3, 10:31pm  

Don't forget to renew your CA license for the stripper pole.
9   Patrick   2020 Jul 4, 12:00am  

richwicks says
1 0 * * 0 /usr/bin/certbot renew --rsa-key-size 4096 > /tmp/certbot.txt 2>&1 # check every week to update the certificate


@richwicks Is that the EFF certbot?

I'm using letsencrypt-auto. I could run it from a cron job, but for some reason it requires I temporarily stop nginx, I think so that it can take over port 80 for a moment so that Letsencrypt can prove I own the site, or something.
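
Added example, not posted by anyone in this thread: two ways to run the weekly renewal from cron given the port 80 requirement described above. It assumes nginx is managed by systemd, the web root is /var/www/html, and example.com stands in for the real domain.

```crontab
# Assumptions: nginx managed by systemd, web root at /var/www/html,
# example.com as a placeholder domain. Use ONE of the two options.

# Option A: standalone authenticator. certbot binds port 80 itself, so nginx
# must be stopped, but the hooks only fire when a certificate is actually due
# for renewal, so most weekly runs cause no downtime.
1 0 * * 0 /usr/bin/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" > /tmp/certbot.txt 2>&1

# Option B: webroot authenticator. nginx keeps running and serves the challenge
# file from /.well-known/acme-challenge/ on port 80. Switch the certificate
# over once, by hand:
#   certbot certonly --webroot -w /var/www/html -d example.com
# After that the weekly job only reloads nginx when a new certificate was
# issued:
1 0 * * 0 /usr/bin/certbot renew --deploy-hook "systemctl reload nginx" > /tmp/certbot.txt 2>&1
```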
