Comment by π€ alexlehm
Re: "How many here use the same TLS certificate on their geminiβ¦"
@Morgan is set the parameter reuse_key = True in renewal.conf, that seems to keep the same cert data so that the hash does not change
2023-08-19 Β· 3 years ago
5 Later Comments β
π€ alexlehm Β· 2023-08-19 at 15:27:
@Supernova I believe this only requires the parameter reuse_key = True in the config. It is not possible to create long expiring certs with Letsencrypt, the expire time is automatically 3 months, you cannot change that
π gritty Β· 2023-08-19 at 17:08:
for those using LE, are you copying your keys to the user running your server? I ask because after using certbot, the directory holding the LE certs is not viewable by a regular user on my machine.
π€ alexlehm Β· 2023-08-19 at 17:36:
I copy the files with sudo and access them with the user the server is running under
π Supernova [OP] Β· 2023-08-19 at 23:09:
@alexlehm Oh there is a runtime option, and I use docker certbot so I think I can use it this way:
docker compose run --rm certbot renew --reuse-key
I will see what happens next month upon renewal π
π gyaradong Β· 2023-08-20 at 04:34:
I see the purpose as different. The point of minting a key is to have a centralised chain of trust. I think the key life times are for the CA to validate or audit the keys. CRLs are not always effective, so everything must have a lifetime.
In Gemini, it's TOFU so the utility of a lifetime and of minting are both limited and across purposes.
Original Post
How many here use the same TLS certificate on their gemini server that they get for their web server? I found it not too hard to setup. I am surprised I don't see more gemini capsules doing the same.
π¬ 13 comments Β· 2023-08-19 Β· 3 years ago Β· #certificates