eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

#acme

gyptazy<p>Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME!</p><p>In this <a href="https://mastodon.gyptazy.com/tags/HowTo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HowTo</span></a> we create our own decentralized PKI with <a href="https://mastodon.gyptazy.com/tags/stepca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stepca</span></a>, enable <a href="https://mastodon.gyptazy.com/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> and integrate a <a href="https://mastodon.gyptazy.com/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxmox</span></a> node to obtain a certificate.</p><p><a href="https://mastodon.gyptazy.com/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proxmox</span></a> <a href="https://mastodon.gyptazy.com/tags/stepca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>stepca</span></a> <a href="https://mastodon.gyptazy.com/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.gyptazy.com/tags/howto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>howto</span></a> <a href="https://mastodon.gyptazy.com/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> <a href="https://mastodon.gyptazy.com/tags/enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprise</span></a> <a href="https://mastodon.gyptazy.com/tags/pki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pki</span></a> <a href="https://mastodon.gyptazy.com/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.gyptazy.com/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> <a href="https://mastodon.gyptazy.com/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>x509</span></a> <a href="https://mastodon.gyptazy.com/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificates</span></a></p><p><a href="https://gyptazy.com/building-your-own-pki-with-step-ca-from-root-ca-to-proxmox-integration-with-acme/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gyptazy.com/building-your-own-</span><span class="invisible">pki-with-step-ca-from-root-ca-to-proxmox-integration-with-acme/</span></a></p>
Stéphane Bortzmeyer<p>RFC 9799: ACME Extensions for ".onion" Domain Names</p><p>The <a href="https://mastodon.gougere.fr/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> protocol automates the process of creating and renewing <a href="https://mastodon.gougere.fr/tags/certificats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificats</span></a> (certificates) usable, for example, for TLS. The extension standardized in this new <a href="https://mastodon.gougere.fr/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC</span></a> makes it possible to obtain certificates for a service using the .onion of <a href="https://mastodon.gougere.fr/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>. If you want to go on television saying "I got a certificate for the Dark Web", this RFC is the right read. </p><p><a href="https://www.bortzmeyer.org/9799.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bortzmeyer.org/9799.html</span><span class="invisible"></span></a></p>
Stéphane Bortzmeyer<p>If you use <a href="https://mastodon.gougere.fr/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a>, you have probably received the "Let's Encrypt Expiration Emails Update" messages warning you that this CA will no longer send reminders that your certificates are about to expire. That is because a better system is now available, <a href="https://mastodon.gougere.fr/tags/ARI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARI</span></a>. <br>ARI lets a CA using the <a href="https://mastodon.gougere.fr/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> protocol give its clients suggestions about certificate renewal. It is described in this <a href="https://mastodon.gougere.fr/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC</span></a>. </p><p><a href="https://www.bortzmeyer.org/9773.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bortzmeyer.org/9773.html</span><span class="invisible"></span></a></p>
Andreas Scherbaum<p>certbot on Debian Bookworm fails with: The peer didn't know the key we used</p><p><a href="https://andreas.scherbaum.la/post/2025-06-09_certbot-on-debian-bookworm-fails-with-the-peer-didnt-know-the-key-we-used/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">andreas.scherbaum.la/post/2025</span><span class="invisible">-06-09_certbot-on-debian-bookworm-fails-with-the-peer-didnt-know-the-key-we-used/</span></a></p><p><a href="https://mastodon.social/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a> <a href="https://mastodon.social/tags/Challenge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Challenge</span></a> <a href="https://mastodon.social/tags/Bookworm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bookworm</span></a> <a href="https://mastodon.social/tags/Trixie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trixie</span></a> <a href="https://mastodon.social/tags/Certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certbot</span></a> <a href="https://mastodon.social/tags/Bind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bind</span></a> <a href="https://mastodon.social/tags/RFC1918" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC1918</span></a> <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.social/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNSSEC</span></a> <a href="https://mastodon.social/tags/ACME" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>ACME</span></a> <a href="https://mastodon.social/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a></p>
caoimhín o'cuilleain<p>Desert chicken is the proper name. </p><p><a href="https://xoxo.zone/tags/roadrunner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>roadrunner</span></a> <a href="https://xoxo.zone/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://xoxo.zone/tags/birds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>birds</span></a> <a href="https://xoxo.zone/tags/birdsofmastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>birdsofmastodon</span></a></p>
Aral Balkan<p>Just requested that Auto Encrypt¹ is added to the list of <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> clients for Node.js and that Kitten² is added to the list of projects that integrate Let’s Encrypt support:</p><p>• <a href="https://github.com/letsencrypt/website/pull/1921" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/letsencrypt/website</span><span class="invisible">/pull/1921</span></a><br>• <a href="https://github.com/letsencrypt/website/pull/1922" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/letsencrypt/website</span><span class="invisible">/pull/1922</span></a></p><p>I originally requested that Auto Encrypt and Site.js (the precursor to Kitten, now sunset) be added to the list in 2021. 
It was not approved (no reason given), so hopefully this time will be different.</p><p><a href="https://github.com/letsencrypt/website/pull/1203" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/letsencrypt/website</span><span class="invisible">/pull/1203</span></a></p><p>¹ <a href="https://codeberg.org/small-tech/auto-encrypt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/small-tech/auto-e</span><span class="invisible">ncrypt</span></a><br>² <a href="https://kitten.small-web.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">kitten.small-web.org</span><span class="invisible"></span></a></p><p><a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallWeb</span></a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallTech</span></a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AutoEncrypt</span></a> <a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kitten</span></a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a> <a href="https://mastodon.ar.al/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a></p>
Joost van Baal-Ilić<p>"From a sysadmin and operations perspective: What a stupid change. In the perfect cloud native, fully automated fantasy land, this might work and not even generate that much overhead work. In the real world, this will generate lots of manual work. At least, until folks replace their legacy hardware and manufacturers patch their shit." <a href="https://www.theregister.com/2025/04/14/ssl_tls_certificates/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/14/ssl</span><span class="invisible">_tls_certificates/</span></a> <a href="https://mastodon.green/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a> <a href="https://mastodon.green/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://mastodon.green/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a></p>
Quixoticgeek<p>Does anyone know how this new SSL cert expiry date thing is going to affect things like user authentication with SSL certs, i.e. for openvpn. </p><p>If we're running our own CA, can I get safari, chrome et al to accept longer cert expiry? </p><p><a href="https://social.v.st/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.v.st/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://social.v.st/tags/OpenVPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenVPN</span></a> <a href="https://social.v.st/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> <a href="https://social.v.st/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a></p>
Mad A. Argon :qurio:<p>Now updated version...</p><p>It was <a href="https://is-a.cat/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a><br>in <a href="https://is-a.cat/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> scripts<br>because systemd-timesyncd failed...</p><p>:neocat_lol: </p><p><a href="https://is-a.cat/tags/admin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>admin</span></a> <a href="https://is-a.cat/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> <a href="https://is-a.cat/tags/ItWasDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ItWasDNS</span></a></p>
Tomáš<p>Hi, consider supporting my fediverse-exclusive content work. You can give me money or buy something!</p><p><a href="https://analognowhere.com/support" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">analognowhere.com/support</span><span class="invisible"></span></a><br><a href="https://analognowhere.redbubble.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">analognowhere.redbubble.com</span><span class="invisible"></span></a></p><p>Thank you.</p><p><a href="https://merveilles.town/tags/unix_surrealism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix_surrealism</span></a> <a href="https://merveilles.town/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://merveilles.town/tags/9front" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>9front</span></a> <a href="https://merveilles.town/tags/rabbit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rabbit</span></a> <a href="https://merveilles.town/tags/support" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>support</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1979670/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1979670/</span><span class="invisible"></span></a> Packers’ game against Steelers unlikely to take place in Ireland, says Mark Murphy <a href="https://pubeurope.com/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://pubeurope.com/tags/against" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>against</span></a> <a href="https://pubeurope.com/tags/company" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>company</span></a> <a href="https://pubeurope.com/tags/FrontPage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FrontPage</span></a> <a href="https://pubeurope.com/tags/game" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>game</span></a> <a href="https://pubeurope.com/tags/in" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>in</span></a> <a href="https://pubeurope.com/tags/ireland" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ireland</span></a> <a href="https://pubeurope.com/tags/mark" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mark</span></a> <a href="https://pubeurope.com/tags/Murphy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Murphy</span></a> <a href="https://pubeurope.com/tags/Packers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Packers</span></a> <a href="https://pubeurope.com/tags/packing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packing</span></a> <a href="https://pubeurope.com/tags/place" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>place</span></a> <a href="https://pubeurope.com/tags/says" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>says</span></a> <a href="https://pubeurope.com/tags/Steelers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Steelers</span></a> <a href="https://pubeurope.com/tags/take" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>take</span></a> <a href="https://pubeurope.com/tags/TO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TO</span></a> <a href="https://pubeurope.com/tags/unlikely" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unlikely</span></a></p>
Aral Balkan<p>So after listening to your feedback, I agree: let’s spend that money in the EU to create a publicly-owned, free and open ACME-compatible certificate authority.</p><p>See post quoted below, with links to Tom’s work as he’s already been thinking/working on this.</p><p><a href="https://mastodon.ar.al/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://mastodon.ar.al/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.ar.al/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://mastodon.ar.al/tags/technologyCommons" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technologyCommons</span></a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SmallTech</span></a> <a href="https://mamot.fr/@tdelmas/114224564125819333" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mamot.fr/@tdelmas/114224564125</span><span class="invisible">819333</span></a></p>
Roth Child<p>Were any <a href="https://mastodon.world/tags/BikeTooter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BikeTooter</span></a> gang on the <a href="https://mastodon.world/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> <a href="https://mastodon.world/tags/Audax" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Audax</span></a> ride today - I stopped to try and help a guy whose shoes had completely come apart, just near Little Thurlow (sadly I couldn't really but offered him some moral support at least).</p><p>Just interested to know if he made it back ok?</p>
Vereniging NLUUG<p><span class="h-card" translate="no"><a href="https://social.overheid.nl/@forumstandaardisatie" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>forumstandaardisatie</span></a></span> is calling on experts to contribute to a consultation on the use of ACME (Automatic Certificate Management Environment) within government.</p><p>Do you have knowledge of this subject? Then take part in the consultation. See the call:</p><p><a href="https://www.forumstandaardisatie.nl/nieuws/acme-de-aandacht-geef-uw-mening" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forumstandaardisatie.nl/nieuws</span><span class="invisible">/acme-de-aandacht-geef-uw-mening</span></a></p><p><a href="https://nluug.nl/nieuws/forum-standaardisatie-oproep-experts-acme.md/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nluug.nl/nieuws/forum-standaar</span><span class="invisible">disatie-oproep-experts-acme.md/</span></a></p><p><a href="https://nluug.social/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://nluug.social/tags/internetconsultatie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internetconsultatie</span></a> <a href="https://nluug.social/tags/forumstandaardisatie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>forumstandaardisatie</span></a> <a href="https://nluug.social/tags/nluug" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nluug</span></a></p>
Stéphane Bortzmeyer<p><a href="https://mastodon.gougere.fr/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.gougere.fr/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a><br>There is a Wikipedia page for <a href="https://mastodon.gougere.fr/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a> only in Czech. <a href="https://cs.wikipedia.org/wiki/Certbot" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cs.wikipedia.org/wiki/Certbot</span><span class="invisible"></span></a></p>
Elias Probst<p><span class="h-card" translate="no"><a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jpmens</span></a></span> what are other <a href="https://mastodon.social/tags/ACME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ACME</span></a> providers except for <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> and where are they located?</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@european_alternatives" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>european_alternatives</span></a></span> lists only one (<a href="https://mastodon.social/tags/BuypassGoSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BuypassGoSSL</span></a>) so far:<br><a href="https://european-alternatives.eu/category/acme-ssl-certificate-providers" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">european-alternatives.eu/categ</span><span class="invisible">ory/acme-ssl-certificate-providers</span></a></p><p><a href="https://mastodon.social/tags/ZeroSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroSSL</span></a> itself seems to be Austria-based, but is a subsidiary of HID Global (Texas, US) which again is a subsidiary of ASSA Abloy (Sweden), so it being independent from US-shenanigans is not quite clear.</p><p>We should probably start shipping a "ca-certificates-eu" package in distributions...</p>
DrScriptt<p>I started a discussion with fellow <a href="https://oldbytes.space/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> about updating <a href="https://oldbytes.space/tags/BIND" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BIND</span></a> / <a href="https://oldbytes.space/tags/named" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>named</span></a> config to migrate from the overly permissive allow-update {…} stanzas to the more restricted update-policy {…} stanzas using targeted grant statements.</p><p>The idea being to allow the <a href="https://oldbytes.space/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> client to only be able to update (add / delete) _acme-challenge TXT instead of any record in the zone.</p><p>Old:</p><p>allow-update {<br> TSIG_KEY_NAME;<br>};</p><p>New:</p><p>update-policy {<br> grant TSIG_KEY_NAME name _acme-challenge.example.net TXT;<br>};</p><p><a href="https://oldbytes.space/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://oldbytes.space/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a></p>
F. Maury ⏚<p>So <a href="https://infosec.exchange/tags/ANSSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANSSI</span></a> releases a guide on securing ACME servers.</p><p>**NOT ONE mention of DNSSEC**</p><p>Fucking amateurs</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
F. Maury ⏚<p>Building an infrastructure without knowing a single one of its secrets? What for? And above all, how?<br>If you are thinking of secrets managers, you are probably on the wrong track! Come on, let's talk about it after you listen to the episode!</p><p><a href="https://pod.broken-by-design.fr/@yakafokon/episodes/comment-ne-pas-etre-dans-le-secret-des-dieux" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pod.broken-by-design.fr/@yakaf</span><span class="invisible">okon/episodes/comment-ne-pas-etre-dans-le-secret-des-dieux</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://infosec.exchange/tags/ansible" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ansible</span></a> <a href="https://infosec.exchange/tags/terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>terraform</span></a> <a href="https://infosec.exchange/tags/vault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vault</span></a> <a href="https://infosec.exchange/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://infosec.exchange/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a></p>
Ray Gulick, he/him/wtf 🇺🇦 ❌👑<p>When I moved to New Jersey from New Mexico, I was so excited to find there's an Acme store only a few miles away.<br>And then I found out they don't carry anvils, catapults, TNT, or rockets, or anything I thought they sold. Just groceries. Very disappointing.<br><a href="https://social.coop/tags/NewJersey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NewJersey</span></a> <br><a href="https://social.coop/tags/Acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Acme</span></a> <br><a href="https://social.coop/tags/Coyotes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Coyotes</span></a></p>