Comment by gritty
Re: "How many here use the same TLS certificate on their gemini…"
For those using LE, are you copying your keys to the user running your server? I ask because after using certbot, the directory holding the LE certs is not viewable by a regular user on my machine.
2023-08-19 · 3 years ago
3 Later Comments
alexlehm · 2023-08-19 at 17:36:
I copy the files with sudo and access them with the user the server is running under
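The copy step described in the comment above, sketched as a certbot deploy hook. This is an added example, not code posted by anyone in the thread. certbot sets `RENEWED_LINEAGE` when it runs a `--deploy-hook`; `DEST_DIR`, `SERVICE_USER` and the default path `/etc/gemini/tls` are assumed names.

```shell
#!/bin/sh
# Added example: hand a renewed Let's Encrypt certificate to the unprivileged
# user that runs the Gemini server, without opening up /etc/letsencrypt.
# Assumed names: DEST_DIR, SERVICE_USER, /etc/gemini/tls.

# install_renewed_cert LINEAGE_DIR DEST_DIR [OWNER]
# Runs in a subshell so the umask change does not leak to the caller.
install_renewed_cert() (
    lineage=$1; dest=$2; owner=${3:-}

    # Refuse to touch the destination unless both files are present.
    for file in fullchain.pem privkey.pem; do
        [ -r "$lineage/$file" ] || { echo "missing: $lineage/$file" >&2; exit 1; }
    done

    umask 077                      # new directory and temp files start private
    mkdir -p "$dest" || exit 1
    if [ -n "$owner" ]; then chown "$owner" "$dest" || exit 1; fi

    # The chain is public (0644); the private key is owner-only (0600).
    for pair in fullchain.pem:644 privkey.pem:600; do
        file=${pair%%:*}; mode=${pair##*:}
        tmp="$dest/.$file.new"
        # install follows certbot's live/ symlinks and sets the mode explicitly.
        install -m "$mode" "$lineage/$file" "$tmp" || exit 1
        if [ -n "$owner" ]; then chown "$owner" "$tmp" || exit 1; fi
        # Rename within the same directory so the server never reads a partial file.
        mv -f "$tmp" "$dest/$file" || exit 1
    done
)

# When certbot runs this file as a deploy hook, RENEWED_LINEAGE points at
# /etc/letsencrypt/live/<name> for the certificate that was just renewed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_renewed_cert "$RENEWED_LINEAGE" \
        "${DEST_DIR:-/etc/gemini/tls}" "${SERVICE_USER:-}"
fi
```

The server still has to be restarted or told to reload after the hook runs, since the thread does not say which Gemini server is in use.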
Supernova [OP] · 2023-08-19 at 23:09:
@alexlehm Oh there is a runtime option, and I use docker certbot so I think I can use it this way:
docker compose run --rm certbot renew --reuse-key
I will see what happens next month upon renewal
gyaradong · 2023-08-20 at 04:34:
I see the purpose as different. The point of minting a key is to have a centralised chain of trust. I think the key lifetimes are for the CA to validate or audit the keys. CRLs are not always effective, so everything must have a lifetime.
In Gemini, it's TOFU so the utility of a lifetime and of minting are both limited and across purposes.
Original Post
How many here use the same TLS certificate on their gemini server that they get for their web server? I found it not too hard to set up. I am surprised I don't see more gemini capsules doing the same.
13 comments · 2023-08-19 · 3 years ago · #certificates