For those of a more technical nature, or for anyone that's just plain old nosey, the SSL cert that allows the forum to run under
https is due for renewal.
The existing SSL cert was purchased from namecheap and needs renewing. However, their renewal process is not automatic, so rather than renew and go through the whole faff of manually installing and configuring the new cert in apache I'm going to trash that one and install a new self-signed SSL cert using the rather groovy
let's encrypt tool.
I'm hoping it will run as thus:
- install let's encrypt on the server
- create a new let's encrypt SSL cert
- update apache configs to point to the new cert
- sit back with a beer and watch it all work seamlessly
But things never pan out that way do they? I am not even 100% what will happen if I generate a new cert on the server role apache is pointing at an old one, or how seamlessly the config update will take
We'll see.
I've installed and created SSL certs using let's encrypt on my other servers and it's taken 2 minutes from start to end, but those sites weren't already running on SSL. Part of the complication I anticipate here is removing one config and adding another - I fear let's encrypt's tool may complain about the existing one until that's rolled out.
The main benefits of let's encrypt certs are that a) they're free and b) they can be renewed automatically. Renewing and manually installing a namecheap ssl is a PITA, so I figure trying to switch this over now is worth the pain...
See you on the other side.
