Flag’s

I certainly hope so! I have too much to do for just one life!

After 15 years? I applaud your gadgetry care and preservation.

The hinge lasts longer than a foldy screen.

Just

Red flag.

serve your website with Caddy

There is no security risk so bad that it can’t be made worse by layering on new tech with its own issues and pitfalls. (Paraphrasing Bruce Jackson)

Also my workplace hosts their own dns

The best way to control the data.

and I think it will be a cold day in hell before they let me do automated updates.

This is of waning value, but don’t jump into half-assed automation early or you end up with problems like route53 hijacking.

If you’re truly unaware of why TLS is necessary or how to automate the process then you should probably retire.

Oof. You’re gonna hit the bottom of the table with your knee like that.

What part of your security training skipped over understanding the customer’s setup before making recommendations?

End users should start getting used to that expired certificate warning in their browser of choice and the process to tell it to continue to the site anyway.

We already have a lot of this, and it’s definitely gonna get worse. Is a security dance so convoluted that people are used to others just messing up really an effective process?

Given the biggest breaches were caused by default passwords and misconfigured S3 outhouses, are we focusing on the right stuff today?

LetsEncrypt also built ACME, so they’re the primary port for testing RFC8555. They’re just gonna work better at it.

But, as above, maybe Digi is still the way for you, with the right tooling glued in.

Good luck!

manual renewals with Digicert has been a pain in the ass. If anyone has experience with their automated option I’d love to hear it.

Aren’t they RFC8555-compatible?

Yep, seems so:

ACME Directory URLs – Get certificate-level automation for Extended Validation (EV) and Organization Validated (OV) certificates. Manage multiple ACME clients, running on Windows or Linux so you can efficiently automate certificate delivery regardless of the quantity of certificates you’re managing. Improve the security of using ACME in your network through our CertCentral discovery sensors. The sensor is an extra layer of security, ensuring the ACME client doesn’t directly speak to an unsecure third party.

If you search for RFC8555 or ACME, you may find a tool you can use that may be compatible for renewing Digicert certs automatically.

I’d love to actually help, but honestly I knew the RFC offhand (correction; I was close but off) and googled the rest myself, so dragging the problem to ACME - like RFK dragging the carcass of a deer back to his sedan - is the best I can do for you today.

get serious about automation.

I’m relieved this post didn’t mention Ansible. It’s nice we’ve avoided the irony of mentioning Ansible in a post also mentioning ‘serious’ or ‘modern’.

the concept of doing these processes manually becomes a total clusterfuck.

But it’s a known clusterfuck compared to the scary unknown of certs (and the boulder app).

Why not use self-signed certificates and have each search engine indexer also index the certificate and point out how long it has been since it has changed so that you can trust whatever search engine you wish instead of these mega centralized providers of certificates.

Freshness isn’t an indicator of validity. The fence around the nearby park is decades old and with inspection and minor repairs is still viable; commercials on TV promising mail-order boner pills or vast riches from slots and roulette are relatively new.

Entire neighbourhoods are being built on this mixed-use setup and are almost self-contained. I work from home in a new but small rez block built like this, for instance, right near a metro line, and I haven’t driven in about a year.

This kinda shit is why I fear for my sister-in-law more when she’s a volunteer fireman than when she’s a mountie. You can reason with an armed resistor, but wood is fire’s favourite food and it will hurt you if you’re in its way.

Is it ‘Firetrap’? Because when Mike in 302 leaves his stove on again, y’all get 3 minutes to get out before it burns up.

\clothes-on-my-back house fire survivor. No wood houses; never again.

There are lots of places with apartments on the 2nd floor and businesses on the 1st floor?

Yes. You may not believe it from the incredulous-sounding question as you’ve written it, but ‘mixed-use’ is the standard for new buildings here, for instance.

1. pedestrian-targeted commercial on main/ground
2. professional services - lawyers, accountants, physios, clinics, tech - on levels 2-5
3. potentially hotel or low-income housing on 5-10, depending on need
4. residential above that,
5. rooftop patio/common space

Newer buildings here are getting loading bays in the garage: so 5-ton trucks just go into the parkade for a loading dock and a freight elevator. Buildings targeted to ‘market rental’ will often have a loading bay JUST for moving trucks.

The brand new 35fl building in this region may be targeted at new doctors interning at the local teaching hospital: they’re just across the street. Rumours abound about posh SROs with in-suite W/D (perfect for new docs) and a skybridge connecting the pro-serv level to the hospital.

dogging

I’m not sure that word means what you think it means.

If it’s to avoid the cancer box, I’ll take the feel-up. I’ve been in Basic. I no longer have shame.

Evaluation of the product no longer required.

I gotta travel with my twin more often. I can 50-50 unlock his stuff. Let’s fuck this up.