
Nice in theory, but just when I think I have it figured out something changes and the script quits working. Specifically with 3rd-party hosting like NearlyFreeSpeech, not my own, but still a PITA.


That sounds like an integration issue of 3rd-party hosters, not like an issue with Let's Encrypt itself.

I have a running system with Let's Encrypt certificates for webserver (HTTPS) as well as mail server (SMTPS, IMAPS, POP3S), based on nginx, exim4 and dovecot, using certbot.

Setting up Let's Encrypt literally consists of just 3 steps:

1. In the webserver for all domains on HTTP, add alias /.well-known/acme-challenge to /var/www/letsencrypt/.well-known/acme-challenge

2. Run "certbot certonly" once for every domain

3. Add cronjob for "certbot renew" with a post-hook that restarts your webserver and mailservers.

Well, to be honest, there is one more step, but that one is specific to my own setup, and also just a one-time effort:

3a. Add a post-hook command that fixes a permission issue with Debian-exim. Note that this is only needed if you want to use the certificates for SMTPS and use exim under Debian.

If you add a new domain later on, this is just a single step, no need to touch the cronjob:

1. Run "certbot certonly" once for that domain

So yes! Once you have the setup running, setting up a new SSL/TLS domain is actually easier with Let's Encrypt than with any other CA.

(Of course, you'll also have to add the domain to your webserver configuration, but that's always needed, whether you use Let's Encrypt or not.)
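The three steps from the comment above, sketched as a shell script; this is an added example, not the commenter's own configuration. It assumes certbot's webroot plugin, a placeholder domain `example.org`, systemd service names `nginx`, `exim4` and `dovecot`, and an arbitrary renewal time.

```shell
#!/bin/sh
# Added example. Assumptions: webroot plugin, example.org, systemd unit names.
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"
CHALLENGE_DIR="$WEBROOT/.well-known/acme-challenge"

# Step 1: location block to include in every port-80 server block.
# The alias target is exactly the directory that
# "certbot --webroot -w $WEBROOT" writes challenge tokens into.
acme_location() {
    cat <<EOF
location /.well-known/acme-challenge/ {
    alias $CHALLENGE_DIR/;
}
EOF
}

# Preflight: create the challenge directory and drop a world-readable
# probe file, so the alias can be checked over HTTP before requesting
# a certificate. Prints the path of the probe file.
prepare_webroot() {
    mkdir -p "$CHALLENGE_DIR" || return 1
    probe="$CHALLENGE_DIR/probe-$$"
    echo ok > "$probe" || return 1
    chmod 644 "$probe"
    echo "$probe"
}

# Step 2: run once per domain, e.g. issue_cert example.org
issue_cert() {
    certbot certonly --webroot -w "$WEBROOT" -d "$1"
}

# Step 3: line for a file in /etc/cron.d. The post-hook runs after a
# renewal attempt, so the servers pick up renewed certificates.
renew_cron_line() {
    echo '23 4 * * * root certbot renew --quiet --post-hook "systemctl restart nginx exim4 dovecot"'
}
```

After `prepare_webroot`, fetching the probe file over plain HTTP from each domain confirms the alias works before `issue_cert` is run.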



I enjoyed this interview by NPR:

Airbnb: Joe Gebbia

A chance encounter with a stranger gave Joe Gebbia an idea to help pay his rent. That idea turned into Airbnb — a company that now has more rooms than the biggest hotel chain in the world.

http://www.npr.org/podcasts/510313/how-i-built-this


Of my 140 orders over the last two years on Aliexpress, only one has originated in the US (California, to be exact). All but a few of the remainder were from China. I reside in Colorado. Mostly I buy hobby electronic components, chemicals/substances, and the occasional household or automotive item.

I've used Alibaba.com as well, but the payment methods are far different and it's a more risky situation with fewer guarantees. That service I use for high-value orders after a thorough vetting of the seller. Mostly commodity items like a pallet of green coffee beans, or weird chemicals in unusual quantities.

Sometimes an order on Aliexpress will be large enough that I must consider negotiating with someone on Alibaba.com instead. Negotiations happen for me on Aliexpress as well, but the sellers on Alibaba.com seem to have greater latitude in not only price, but also packing, shipping, and handling to destination.


I'm rural and have a lot of things sending data to a central node for collection. I found LoRa interesting, but sadly none of the modules offered native encryption capabilities. Ended up using RFM69HW modules with AES128 in the same band and still get pretty good range, up to a mile+ NLoS (but not through 300m hills either..)

I imagine the low throughput of LoRa would make encryption a greater challenge than with other modules, but maybe there are other reasons for that.


Some of the modules have dedicated native encryption coprocessors such as the Laird RM186 - it's still easy enough to shoot your toe off though. I would argue there is negligible benefit for an encryption coprocessor (it's usually just AES ECB anyway) - you're either better off using a software implementation of ChaCha20/Poly1305 or a dedicated TPM.


LoRaWAN requires AES128: https://www.lora-alliance.org/portals/0/documents/whitepaper...

The radio chip itself doesn't perform the encryption though, it's done on the host microcontroller.

What kind of things are you monitoring?


Related: If you tenderize with a Jaccard-like tool, examine the teeth very closely before you cook your meat. I have had the blades break in half longitudinally where it still looked like a full blade, but had actually "delaminated" toward the end and left a 15mm chunk of pointed metal in my steak. It ended up in my gums.

I still use the broken blade set, but simply make sure it has all the parts before moving on. Nothing tenderizes quite like it in my experience. Had I swallowed that piece however it would have been a bad situation.

Pic: https://imgur.com/a/ZdWBg


"I love this tenderizer and highly recommend them, just look out for busted blades!"

Waaa???

If the blade can delaminate in that way, I would in no way recommend them.


I see and appreciate your point, and yeah, you might get a little dead, but they can turn a Walmart roast into a tender and delicious cut of meat with the right cooking strategy.

Like anything, it's a trade-off, and a good test of your evolutionary worthiness as a human. Pay attention to what you're doing or die.


Oh gosh. It almost makes you terrified of using any implements along those lines. Honestly, I would've never looked for a failure mode like that. You're exceedingly lucky.

I have a very distantly related story, although one that's much more benign (thankfully!). Years ago, there was a really nice grocery store in town (local chain) that would make fresh flour tortillas. Whenever we'd think about it, we'd usually stop by and buy a dozen or two. It ended for a few years when I was eating one of them and bit down into a washer that clearly had been pushed through some part of the machine such that it was slightly elongated, flattened, and very slightly sharp on one end. I was lucky in that I neither broke a tooth, swallowed it, or cut my gums; but you can imagine my surprise when I bit down and felt something lodge between my bottom molars. More so when I pulled it out and found a steel washer!

I still have that washer somewhere.

They eventually sold off their tortilla equipment, possibly also changing management. It's been upgraded in recent years with brand new machinery, and we started buying them occasionally, but I've since developed a slight paranoia whenever I eat food I haven't made myself. I'm a softer chewer now than I was in those days for that reason. :)


Lentils. Always inspect the darn thing for small, lentil-shaped, lentil-colored rocks.

Learned that one the hard way. Luckily (?), it just shattered the one filling I already had in a tooth.


I've had breadboards like his react to air flow. Those cheap ones especially have such horrible connections that the slightest motion of a flimsy part like a resistor or LED wagging in the breeze will cause a significant change in impedance where the leads meet the contacts.

Since this signal is dependent upon the series resistance, the output could vary as a result.


It's a little troubling to see only one mention of PGP in the comments. Thunderbird+Enigmail+GPG makes a highly functional way to send and receive PGP-encrypted mail.


I'm a tech worker in Glenwood Springs, CO. This is their muni option (50Mb/100Mb/250Mb symmetrical for $70/$105/$175 respectively): http://gscbn.com/services/internet/business-internet/

As a business subscriber, they have provided friendly and capable local support for many years, and the service itself is top-notch at a tenth the price of the same service from a telco. Price isn't everything however - their support is excellent.

They communicate with their customer base regularly on maintenance issues and system status, having no issue with owning the rare, but inevitable screw-up expected with any industry.

At one point they had a few local ISPs reselling their service, mostly as wireless. That infrastructure is still in place but I don't see anyone currently reselling it for some reason, however other wireless providers with their own connectivity are active.

I've been dreading the day that some telco beats them up on legal grounds enough to make them go away, but now it looks like there's some momentum behind this concept making it less likely.


I would love to get a 100/100 symmetrical here in Thornton, CO for a reasonable price. Maybe after this vote, in the next some odd years we'll get something. I had to drop Comcast because their signal kept spiking too much, 6 techs over the course of a year could not figure it out. Went with CenturyLink and only have a 40/5 connection, but at least it's stable and I can work from home.

Does GSCBN cover the entire Glenwood Springs? I've been meaning to move to that town for a long time now, and this is just icing on a cake :)


As far as I know it has run fiber through most of the electrical conduit in town. The fiber is mainly for business, but there may be some kind of option for residential, don't know - it's too expensive for me to live here.

On the Aspen question, I think they were one of the first to get Comcast internet in the region (before Glenwood) and may be stuck in that rut.


"I'm a tech worker in Glenwood Springs, CO. This is their muni option (50Mb/100Mb/250Mb symmetrical for $70/$105/$175 respectively)"

Does Aspen have a similar service?


Nice work.

For reference, here's the original library which has TinyGPS and TinyGPS++: http://arduiniana.org/libraries/TinyGPS/

It doesn't appear to have any compatibility with the newer TinyGPS++ library which I had been using, but I guess that's not really the intent.

Also I didn't know there were modules commonly available for multiple systems. Mouser has the A5100-A mentioned in the blog for $17 in singles, plus an antenna I assume. I've been using the NEO-6M GPS-only modules from China that run about $10 with antenna. Nice to have more options.

http://www.mouser.com/Search/ProductDetail.aspx?R=A5100-Avir...


Thanks @OrdaGarb. I have done similar work on TinyGPSPlus in this fork a couple of years back (no GLONASS support, alas): https://github.com/florind/TinyGPSPlus/tree/gpgsv-parse Unfortunately my pull request was rejected back then.

florin

