[libre-riscv-dev] [Bug 182] Move to libre-soc.org

bugzilla-daemon at libre-riscv.org bugzilla-daemon at libre-riscv.org
Tue Feb 18 01:16:35 GMT 2020


--- Comment #14 from Jacob Lifshay <programmerjake at gmail.com> ---
(In reply to vklr at vkten.in from comment #12)
> Self-signed Certificates have the possibility of Man in the Middle Attacks,
> if we do not do proper certificate verification in user side. Like checking
> certificate hash signature(fingerprints).

They also have the other major drawback of not being trusted by default by web

> While Let's Encrypt certificates have certification from root authorities.
> It is to be noted their certificates are valid only for 90 days. They have
> to be periodically renewed using acme clients; either manually or
> automatically
> using cron.

We're currently using Let's Encrypt certs. One drawback of using wildcard
certificates is that requires using the DNS-01 challenge which requires
programmatically/manually modifying a DNS TXT record to verify ownership of the

For my personal website, that actually works out better since I don't have my
server publicly accessible (home internet & no public IP addresses), I can
still generate https certs by manually modifying the DNS records, which don't
require my server to have a public IP address.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the libre-riscv-dev mailing list