The steps will still be more streamlined in the coming days, but for the moment I’ve tried to outline the steps very simply and provide clear expectations.
Currently have my email account on London server. Do you think the IP will ever change without notifying? I thought it would be better to set an A record instead of a CNAME record.
Jarland has been awesome help. But we’re moving everything into IPA for LDAP and certmonger is just barely getting LE support. Can import the LE CAs and distribute them to all the nodes, but can’t quite request new certs yet. Internally I can get everyone to just import our CA but public facing nodes won’t do just yet.
The reason I want to stress that this can happen is that it’s mostly outside of my control. One DDoS on a network that can’t handle it and the IP changes as fast as I can get it done. In such a case, I won’t announce it as I won’t want to paint any more of a target on it than there already is.
Everything is working just fine now. AutoSSL picked up the domains that needed certificates overnight and the instructions of “Just Wait” are spot on. Both webmail and mail function with the proper addressing in the browser title bar with green lock.
I had issues when this was first implemented last night at roughly 1AM UK time on the London node, opened a support ticket and within 30 minutes it was solved (it was a London specific issue).
Yeah so for AutoSSL to work, everyone has to have the web hosting IP configured on the server which matches the server’s A record. Quite thankful for whmapi1 in that. One reason I suppose I can’t totally strip web features. At least now though, no one can sneak around and upload files. Paths no longer exist.
Yeah I use LE on everything. I’m not sure how they do verification with that one or if they pay per cert (surely there’s a cost to them somewhere), but LE is what I know and the end to end process is something I already understand in full.