Mail archive

Proposal for TLS on websites

From: Nathan Angelacos <>
Date: Fri, 26 Feb 2016 09:38:46 -0500

I'm leaning toward letsencrypt and 4096bit certs.

They don't allow wildcard certs, but do allow multiple Alt subject
Names. Startssl allows 5 alts (UCC) per cert free cert.

We currently have 61 entries in our zone file - a few are exempt/junk (I
don't think we need svn or blog anymore); but the rest are in use.

To start simple, here's a proposal:

Get a cert for:

with Alt Subj Names of:

That would encompass the bulk of the "consumer" side of the project.

For now we leave the download and build servers bare http, and see how
this first step works.

Received on Fri Feb 26 2016 - 09:38:46 UTC