Saturday, July 2, 2016

Techtronix Now Uses Let's Encrypt

As of about 15 minutes ago, all servers on Techtronix now use Let's Encrypt, which is a new kind of certificate authority that issues free certificates for websites, etc.

While the kinks are being worked out, the certificate_fingerprints page will be retired soon, as Techtronix has abandoned the old self-signed cert. Let's Encrypt certificates only have a 3-month lifespan, so it would be tedious to maintain a page that isn't necessary anymore, as every modern client will respect the Let's Encrypt CA.

Known Issues

  1. Connecting to will still show as a certification failure in some clients
This issue is due to the fact that is a round robin that contains the IP addresses of all client leaves. You actually get sent to one of the client servers, such as Let's Encrypt doesn't allow the issuing of certificates with wildcards, nor do they allow you to add SANs (Subject Alternative Names) without verification. When trying to verify Let's Encrypt would constantly connect to another server instead.

I'm working on a solution to this issue, and I hope to have a fix or a workaround by the end of next week if time and patience permit.
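An added example, not part of the original post: a Python check for the mismatch described under Known Issues. It takes the certificate each leaf presents and reports which leaves do not cover the name the client connected to. The hostnames, the IP addresses and port 6697 are placeholders and assumptions, and the sample certificates are constructed.

```python
import socket
import ssl

def san_dns_names(cert):
    """DNS entries from a cert dict in ssl.getpeercert() format."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly the left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return False

def leaves_failing(name, certs_by_ip):
    """IPs whose certificate does not cover the name the client dialed."""
    return sorted(ip for ip, cert in certs_by_ip.items()
                  if not any(name_matches(s, name) for s in san_dns_names(cert)))

def fetch_leaf_certs(name, port=6697):
    """Live variant: collect the cert from every address behind `name`.
    The chain is still verified; only the hostname check is left to
    leaves_failing(). Port 6697 is an assumed TLS port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    certs = {}
    for info in socket.getaddrinfo(name, port, type=socket.SOCK_STREAM):
        ip = info[4][0]
        with socket.create_connection((ip, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                certs[ip] = tls.getpeercert()
    return certs

# Constructed sample: placeholder names and documentation-range IPs.
ROUND_ROBIN = "irc.example.net"
SAMPLE = {
    "192.0.2.10": {"subjectAltName": (("DNS", "leaf1.example.net"),)},
    "192.0.2.11": {"subjectAltName": (("DNS", "leaf2.example.net"),
                                       ("DNS", "irc.example.net"))},
    "192.0.2.12": {"subjectAltName": (("DNS", "leaf3.example.net"),)},
}

if __name__ == "__main__":
    print(leaves_failing(ROUND_ROBIN, SAMPLE))
```

Against a live network, pass the result of `fetch_leaf_certs(name)` to `leaves_failing(name, ...)`; an empty list means every leaf behind the round robin presents a certificate that covers that name.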