Re: [dev] https for suckless.org?

From: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
Date: Sun, 25 Sep 2016 00:22:35 +0200

On Sat, Sep 24, 2016 at 8:54 PM, ilf <ilf_AT_zeromail.org> wrote:
> I wonder why the suckless-websites are only available in HTTP, not in HTTPS.
> In the age of letsencrypt.org, there aren't a lot of valid excuses against
> TLS. Am I missing one from a suckless-philosopy? Or has this just never been
> requested?
>
> I for one would love to see unencrypted communications on the internet die.
>

I agree, It would be nice to have.

There is a ACME client to use with Letsencrypt which is really nice,
it is written in C (as opposed to the official client or third-party
python tools):
https://kristaps.bsd.lv/acme-client/ . It is in OpenBSD -current base
now, but it is also portable to Linux and other platforms.

Using a cronjob the certificate can be automatically renewed (valid
for 3 months).

The command I use is similar to this:
acme-client -v -F -f account.key -k /etc/ssl/private/private.key -c .
-C /var/www/domains/challenges/htdocs/.well-known/acme-challenge
# <reload httpd>

Kind regards,
Hiltjo
Received on Sun Sep 25 2016 - 00:22:35 CEST

This archive was generated by hypermail 2.3.0 : Sun Sep 25 2016 - 00:24:11 CEST