29 Oct
2017
29 Oct
'17
5:59 p.m.
Hi,
Occasionally I get non-technical people saying things to me like:
You know about computers. I want a web site. Who should I talk
to?
Clearly these people aren't in the market for a VPS. :) And the
hosting companies that I do use don't tend to offer low end shared
hosting either, so I can't give personal recommendations.
Of course, something like Squarespace is most likely going to be a
better fit for people making these types of enquiries, but it might
be nice if I could mention some companies that host with BitFolk.
So, if you sell shared web hosting running off of BitFolk
infrastructure could you message me off-list and next time I'm
asked I'll point them in your direction.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
30 Oct
30 Oct
11:09 a.m.
On Sun, 2017-10-29 at 17:59 +0000, Andy Smith wrote:
Hi,
Occasionally I get non-technical people saying things to me like:
You know about computers. I want a web site. Who should I talk
to?
Clearly these people aren't in the market for a VPS. :) And the
hosting companies that I do use don't tend to offer low end shared
hosting either, so I can't give personal recommendations.
Of course, something like Squarespace is most likely going to be a
better fit for people making these types of enquiries, but it might
be nice if I could mention some companies that host with BitFolk.
So, if you sell shared web hosting running off of BitFolk
infrastructure could you message me off-list and next time I'm
asked I'll point them in your direction.
on the point of extra services:
I wouldn't mind if you offer tls certificates for the servers.
I used to run my own CA and add the CA to the clients, but sadly that
seems to be no longer an option for iPhone/Android (nor do I want the
hassle).
I find iPhones in particular are a pain to deal with unless it's signed
by a CA apple likes. (and google chrome seems to go in the same
direction).
Since you already have your customers authenticated it should be fairly
straightforward to add a certificate-request signing services, right?
;)
Conrad
11:29 a.m.
Conrad Wood said:
on the point of extra services:
I wouldn't mind if you offer tls certificates for the servers.
I used to run my own CA and add the CA to the clients, but sadly that
seems to be no longer an option for iPhone/Android (nor do I want the
hassle).
See certbot. It does the work with a free CA that is very widely trusted.
If you use Debian Jessie, you need to enable the backports repository, but
it's simple enough to do after that, including automatic renewals every
three months.
Ian
1:06 p.m.
On Mon, 2017-10-30 at 11:29 +0000, Ian wrote:
Conrad Wood said:
on the point of extra services:
I wouldn't mind if you offer tls certificates for the servers.
I used to run my own CA and add the CA to the clients, but sadly that
seems to be no longer an option for iPhone/Android (nor do I want the
hassle).
See certbot. It does the work with a free CA that is very widely
trusted.
If you use Debian Jessie, you need to enable the backports
repository, but it's simple enough to do after that, including
automatic renewals every three months.
Ian
Thank you. I am quite aware of Lets Encrypt. It doesn't quite fit my
usecase, specifically:
a) it a pain if you're running several servers, some of which don't
have webservers, thus callbacks become annoying. (e.g. mailservers/vpn-
servers/voip servers etc)
b) it is only trusted somewhat widely for web, but mail clients (apple-
mail & iPhone) seem to not accept it for email just as readily. Nor
does it work for gRPC or OpenVPN very well.
c) it's yet another thing to keep an eye out for. Given Bitfolk
authenticates the customers and also runs the DNS for (some) clients
very well, it would be a nice round integrated service.
Conrad
3:45 p.m.
Hi Conrad
On 30/10/17 13:06, Conrad Wood wrote:
Thank you. I am quite aware of Lets Encrypt. It doesn't quite fit my
usecase, specifically:
a) it a pain if you're running several servers, some of which don't
have webservers, thus callbacks become annoying. (e.g. mailservers/vpn-
servers/voip servers etc)
There is the DNS-01 option which I've use for servers that have LAN only
connectivity at work, there is lots of examples available on this page:
https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks
Personally I have used this one with Gandi with good results:
https://github.com/AnalogJ/lexicon
b) it is only trusted somewhat widely for web, but
mail clients (apple-
mail & iPhone) seem to not accept it for email just as readily. Nor
does it work for gRPC or OpenVPN very well.
I have used their certificates successfully for mail server, IRC bouncer
and OpenVPN and both Android and iPhone clients.
Just a thought, until Bitfolk offer a CA
Rgds
Peter.
5:06 p.m.
a) it a pain
if you're running several servers, some of which don't
have webservers, thus callbacks become annoying. (e.g.
mailservers/vpn-
servers/voip servers etc)
There is the DNS-01 option which I've use for servers that have LAN
only connectivity at work, there is lots of examples available on
this page:
https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hook
s
Personally I have used this one with Gandi with good results:
https://github.com/AnalogJ/lexicon
b) it is only trusted somewhat widely for web,
but mail clients
(apple-
mail & iPhone) seem to not accept it for email just as readily. Nor
does it work for gRPC or OpenVPN very well.
I have used their certificates successfully for mail server, IRC
bouncer and OpenVPN and both Android and iPhone clients.
Just a thought, until Bitfolk offer a CA
5:25 p.m.
On 30/10/17 17:06, Conrad Wood wrote:
I'm somewhat surprised about your message re
iPhone phones. Didn't it
pop up on your users' phones and ask them irritating messages?
Especially, my users are concerned because it popped up a rather
prominent message that it's insecure because the issuer is not trusted.
I assumed - perhaps incorrectly - that LetsEncrypt isn't trusted by
iPhones.
I've had no problems reported so far and it has been in place a good
while. My first guess would be problems with your certificate chain.
Certainly with the ZNC bouncer I have to use post renewal hooks to jig
things about into a single file.
Here is a community edited list of supported clients:
https://community.letsencrypt.org/t/which-browsers-and-operating-systems-su…
Rgds
Peter.
5:38 p.m.
On Mon, 2017-10-30 at 17:25 +0000, Peter Collins wrote:
On 30/10/17 17:06, Conrad Wood wrote:
Thanks Peter,
that is very useful - It kind of verifies my initial assumption that it
is possible but requires more time I have/had available yet, which is
kind of the point of why I'd prefer a "managed" service for this :-))
<somewhat shameless plug>
I am trying to hire a skilled linux dev-op in London, since I simply
haven't got the time, but I just haven't found someone yet.
</somewhat shameless plug>
I'm somewhat surprised about your message re
iPhone phones. Didn't
it
pop up on your users' phones and ask them irritating messages?
Especially, my users are concerned because it popped up a rather
prominent message that it's insecure because the issuer is not
trusted.
I assumed - perhaps incorrectly - that LetsEncrypt isn't trusted by
iPhones.
I've had no problems reported so far and it has been in place a good
while. My first guess would be problems with your certificate chain.
Certainly with the ZNC bouncer I have to use post renewal hooks to
jig
things about into a single file.
Here is a community edited list of supported clients:
https://community.letsencrypt.org/t/which-browsers-and-operating-syst
ems-support-lets-encrypt/4394
6:14 p.m.
On Mon, Oct 30, 2017 at 05:38:16pm +0000, Conrad Wood wrote:
[...]
<somewhat shameless plug>
I am trying to hire a skilled linux dev-op in London, since I simply
haven't got the time, but I just haven't found someone yet.
</somewhat shameless plug>
You might want to advertise on:
<https://mailman.lug.org.uk/mailman/listinfo/linuxjobs>
Though when I was out of work I found 'monster' to be active enough with
job adverts.
--
Best regards,
Ed http://www.s5h.net/
2609
days inactive
2610
days old
8 comments
5 participants
participants (5)
-
Andy Smith -
Conrad Wood -
Ed Neville -
Ian -
Peter Collins