eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

211
active users

#ssl

2 posts2 participants1 post today

Hallo ich bin #neuhier und melde mich, weil etwas teilen möchte.

Als alter ITler möchte ich ein Skript teilen, dass dem (Home-)Admin das Leben erleichert, wenn wieder mal ein "curl" oder "wget" bei der Verifizierung eines Zertifikats (#SSL / #TLS) scheitert.
Das kommt nicht so oft vor, deswegen hatte ich immer vergessen was zu tun ist, wenn es mal wieder so weit war.

Das Script prüft welche Zertifikate fehlen, lädt sie herunter, so dass man sie ggf. in die Liste der CAs (certification authorities) aufnehmen kann. Wie das geht, steht in meiner dazugehörigen Doku.

Vielleicht einfach mal sehen, ob ihr es brauchen könnt.

Natürlich #opensource, beschrieben auf github.com/himbeer-toni/UserSc, da wäre dann auch ein Downloadlink.

Würde mich freuen, wenn es jemandem hilft!

#opensource #programming #debian #linux #RasPi #sysAdmin #git #github #selfhost #selfhosted #selfhosting
#opensource #foss #homelab #homeserver #software #raspi #RasPi #sysAdmin #TLS #SSL #certificates
@digitalcourage
@linuxnews

Scripts for Linux user's ~/bin/ directory. Contribute to himbeer-toni/UserScripts development by creating an account on GitHub.
GitHubUserScripts/fetch-missing-ca.md at main · himbeer-toni/UserScriptsScripts for Linux user's ~/bin/ directory. Contribute to himbeer-toni/UserScripts development by creating an account on GitHub.

Hello Fedizens,

One way to fulfill #unplugtrump is to setup own timeserver in the local network.

Some people had questions, when you have VPN to your local network which has no public websites and platforms.

Is it necessary to enable SSL on local network?

If yes, are there tutorials to enable SSL with IP addresses or servernames? We aware that administration requires experts and skills on a special grade of complexity, but this is something beginners could handle.

Some Apps like smart homes, local clouds, Multi apps like ferdium deny self signed certificates.

Nice. I got all of the DNS records for one of my domains shifted away from my web host's DNS server to Cloudflare and everything including SSL is working now.

The key was I had to turn off proxy for individual DNS records on #cloudflare and then deleted and re add #letsEncrypt #SSL certificates. Then turn back on the proxy setting on the DNS records and everything is good!

This should allow me to get an SSL certificate to add to my #ubiquiti router via Cloudflare.

Replied in thread

@drscriptt granted, we all want 203.0.113.1¹ to have #SSL / #TLS (even if it's just @letsencrypt ) work than not work or have no #encryption.

  • That is not up for debate!

I just think that this will reward previously standards-violating behaviours when i.e. Xavier Sample Solutions don't get nudged to use i.e. api.solutions.example² but can just use their IP addresses.

¹ Example as per RFC5737
² Example as per RFC2606

1.1.1.11.1.1.1 — The free app that makes your Internet faster.Install the free app that makes your phone’s Internet more fast, private, and reliable.

Just spent hours debugging what looked like an OpenTelemetry context detach error in my ADK + MCP setup. Went down rabbit holes trying to fix async redherring, cancel scopes, and tracing configs.

Plot twist: It was just a self-signed SSL cert on our staging server 🤦‍♂️

The real issue was buried 50 lines deep in the logs. Sometimes the loudest error isn't the root cause - it's just a symptom.

Let's #Encrypt rolls out free IP address #certificates • The Register

Let's Encrypt, a #CertificateAuthority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

It's not the first CA to do so. #PositiveSSL , #Sectigo, and #GeoTrust all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.
#security #tls #ssl #privacy

theregister.com/2025/07/03/let

The Register · Let's Encrypt rolls out free security certs for IP addressesBy Thomas Claburn

🍝 Parlando di cose migliori: ho contribuito al progetto della #Biblioteca dei Semi Narrativi di @alxd : ora potete consultare tutte le voci anche in italiano!

storyseedlibrary.org/it

Se avete bisogno di #illustrazioni #solarpunk per i vostri progetti, la #SSL è piena di opere fantastiche, tutte copyleft! Pescatene a piene mani e, se conoscete qualche altra lingua, fatevi avanti e traducete! È questione di qualche pomeriggio 😄

Biblioteca dei Semi NarrativiBenvenuti alla Biblioteca dei Semi Narrativi!Una biblioteca di opere e semi narrativi Solarpunk per aiutarvi a immaginare un futuro climatico migliore!

"From a sysadmin and operations perspective: What a stupid change. In the perfect cloud native, fully automated fantasy land, this might work and not even generate that much overhead work. In the real world, this will generate lots of manual work. At least, until folks replace their legacy hardware and manufacturers patch their shit." theregister.com/2025/04/14/ssl #certbot #acme #ssl

The Register · New SSL/TLS certs to each live no longer than 47 days by 2029By Iain Thomson

Firefox *finally* supports mTLS / SSL client certificates on Android! 🥳

It only took a dozen years, but who is counting. (Me. I was counting.)

That was a blocker in some of my use cases still forcing Chrome, so ... 🎉

bugzilla.mozilla.org/show_bug.

bugzilla.mozilla.org868370 - Provide a way to import user certificates (with their private keys) from PKCS#12/PFX files (Firefox for Android)REOPENED (nobody) in GeckoView - General. Last updated 2025-05-13.
#mTLS#SSL#Firefox

In case you haven't seen it yet, check out the analysis of the devastating state of [mostly] modern #OpenSSL by members of haproxy at haproxy.com/blog/state-of-ssl- - hard to imagine such massive performance regressions getting into mainline linux distributions unnoticed by the distributors. #linux #ssl

HAProxy TechnologiesThe State of SSL StacksThe SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.