Jarland has been an awesome help. But we’re moving everything into IPA for LDAP and certmonger is just barely getting LE support. Can import the LE CAs and distribute them to all the nodes, but can’t quite request new certs yet. Internally I can get everyone to just import our CA but public facing nodes won’t do just yet.
The reason I want to stress that this can happen is that it’s mostly outside of my control. One DDoS on a network that can’t handle it and the IP changes as fast as I can get it done. In such a case, I won’t announce it as I won’t want to paint any more of a target on it than there already is.
Everything is working just fine now. AutoSSL picked up the domains that needed certificates overnight and the instructions of “Just Wait” are spot on. Both webmail and mail function with the proper addressing in the browser title bar with a green lock.
Yeah so for AutoSSL to work, everyone has to have the web hosting IP configured on the server which matches the server’s A record. Quite thankful for whmapi1 in that. One reason I suppose I can’t totally strip web features. At least now though, no one can sneak around and upload files. Paths no longer exist.
Yeah I use LE on everything. I’m not sure how they do verification with that one or if they pay per cert (surely there’s a cost to them somewhere), but LE is what I know and the end-to-end process is something I already understand in full.