I recently started to replace #nginx with @caddy and it's as satisfying as it is scary to replace a complex config that spans five included files and a total of about 400 lines with a single Caddyfile of around 80 lines.
And on top of that #Caddy also made certbot redundant as it takes care of fetching and renewing the tls certs from #LetsEncrypt and keeps a #ZeroSSL backup for all of my domains.
I think I'm in love..
@ArneBab I heard today that this will not affect #letsencrypt operations, but funding for further development. So, even if they cut it, we won't end up having millions of invalid certificates within 90 days.
Sounds like we’ll need a EU-based alternative to #letsencrypt:
https://thelibre.news/trump-cuts-funding-to-foss-projects/
Much earlier than I expected.
How to Install Centmin Mod on #AlmaLinux #VPS (5 Minute Quick-Start Guide) Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it ...
Continued 
https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #letsencrypt #php #csf #centminmod
Can I haz #LetsEncrypt alternative in #EU, pleaze?
Random #SelfHosting tip for any who might be interested:
If you use #GetSSL to get your #LetsEncrypt certs, you'll get four files:
* The key (example.com.key)
* The domain cert (example.com.crt)
* The CA cert (chain.crt)
* The "full chain" cert (fullchain.crt)
Make sure to use the full chain cert, *not* the domain cert, when setting up your server. Otherwise some services will give you "unknown authority" errors.
How to Install Centmin Mod on #AlmaLinux #VPS Here's a detailed step-by-step guide on how to install Centmin Mod on AlmaLinux VPS server.
What is Centmin Mod?
Centmin Mod is a shell-based, menu-driven installer that automates the deployment of a LEMP (Linux, Nginx, MariaDB/MySQL, PHP-FPM) stack on CentOS, AlmaLinux, and Rocky Linux servers. Designed for efficiency and performance, it streamlines the installation and ...
Continued https://blog.radwebhosting.com/how-to-install-centmin-mod-on-almalinux-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #php #centminmod #letsencrypt #csf
Built a bit of intranet tooling in recent weeks. I had #certbot renew our wildcard #LetsEncrypt certificate, but installing it on multiple internal services was a manual process. So I made an #Ansible playbook, but still had to run it manually. When? A cron job was checking the TLS certificate of our intranet every week. If its validity was less than 3 weeks I got an alert via healthchecks.io.
Only today I realised that certbot can run the playbook directly as a deploy hook...
Un Ordine Esecutivo di #Trump blocca i pagamenti all'#OpenTechnologyFund. Da essi dipendono servizi #FOSS critici come #FDroid, #TOR e #LetsEncrypt. Abbiamo bisogno di un impegno serio da parte dell'Unione Europea nello sviluppo di alternative FOSS prima possibile, è seriamente una questione di sicurezza molto più che di principio.
https://www.dday.it/redazione/52530/trump-fara-saltare-il-negozio-open-source-android-f-droid-e-la-rete-tor
Let's Encrypt
In https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719 @aral wants us to pay taxes to keep Let's Encrypt "alive". Here's another reason NOT to do that.
Apparently the *.eu.org domain needed laundrying because it's reputation became too bad. So scammers create zillions of insane domain names and obtain *FREE* (for them) certificates for those sites. Usually such sites are not malicious; they're intended to have virusscanners remove detection, eventually for the sub-TLD ".eu.org".
To see this, you may consider opening
https://crt.sh?q=eu.org
but that will fail because there are WAY too many results.
To restrict the amount of records, try a subdomain name and further restrict output by deduplicating and restricting to not expired, as follows:
https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y
The screenshot below gives an idea (they're all Let's Encrypt certs by the way, and I marked one with an insane domain name).
I wrote about this phenomenon before, e.g. in https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___ (at the time I did not understand why yet).
VirusTotal knows of 72.5K direct subdomains of *.eu.org:
"Subdomains (72.5 K)"
(open the RELATIONS tab in https://www.virustotal.com/gui/domain/eu.org/).
»Unsicherheit – US-Kürzungsrausch gefährdet für das Internet wichtige Open-Source-Projekte:
Die neue US-Regierung entzieht dem Open Technology Fund (OTF) die Mittel. Von diesem sind unter anderem @letsencrypt, @torproject und @fdroidorg finanziell abhängig. Der OTF hat Klage eingereicht«
Sehr heikel und es petrifft, wenn auch "nur" indirekt, alle Menschen auf der Erde. Der Egoismus eines Irren kann uns alle betreffen!
Instead of relying on the US, the @EUCommission could have spent the equivalent of one or two state dinners on creating an EU based alternative to #LetsEncrypt. They still can :) cc @EC_DIGIT
Falls #LetsEncrypt absaufen sollte: Wo bekommt man sonst noch kostenlose Zertifikate?
#DerStandard:
"
Trumps Kürzungsrausch gefährdet für das Internet wichtige Open-Source-Projekte
Die neue US-Regierung entzieht dem Open Technology Fund die Mittel. Von diesem sind unter anderem Let’s Encrypt, Tor und F-Droid finanziell abhängig. Der OTF hat Klage eingereicht
"
https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article
30.3.2025
Für Home Assistant lässt sich mit dem Add-on Let's Encrypt ein eigenes SSL-Zertifikat erstellen, um die Kommunikation zwischen dem Server und den Clients abzusichern.
While, F-Droid is important for Android users, I use UbuntuTouch.
I did make my first contribution to UBPorts, which makes my phone OS, which is a FOSS alternative to Android.
I do use Tor, and I run a 2 MB/s Tor relay on a high bandwidth server I rent on DigitalOcean in (possibly) eco-friendly LON1 cluster as my form of contribution to the Tor project.
I also made my first annual donation to LetsEncrypt, which I do use on ~20 of my websites.
After #Trump's decree: fight for US funding for #Tor, #FDroid and #LetsEncrypt
Ok.. it actually is that simple: https://medium.com/@mariovanrooij/adding-https-to-fastapi-ad5e0f9e084e
I don't know how many times I screwed that up in so many mysterious ways - mainly 'cause I was trying *somehow* to not have to run my script as root. It feels strange to run anything as root - you just don't do that, right?
But fine... #LetsEncrypt is pretty easy and awesome. It solves my #Firefox's fear of my little VM. I like to see machines getting along.
I just received a concerning email from the OTF (@opentechfund.bsky.social) stating that a major source of their funding is in jeopardy.
If you care about open-source, anti-censorship, or the open internet, please consider supporting one of the projects they fund.
#FOSS #OpenSource #TechNews
#USPol #Politics #News #PoliticalNews
#NetNeutrality #EFF
#Wikimedia #Signal #SignalApp
#TOR #TAILs #OpenVPN #VPN #LetsEncrypt #HTTPS #SSL
#Censorship #AntiCensorship
"Franse overheid voert phishingtest uit op 2,5 miljoen leerlingen"
https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen
KRANKZINNIG!
Het is meestal onmogelijk om nepberichten (e-mail, SMS, ChatApp, social media en papieren post - zie plaatje) betrouwbaar van echte te kunnen onderscheiden.
Tegen phishing en vooral nepwebsites is echter prima iets te doen, zoals ik vandaag nogmaals beschreef in https://security.nl/posting/881655.
(Big Tech en luie websitebeheerders willen dat niet, dus is en blijft het een enorm gevecht).
