Can I haz #LetsEncrypt alternative in #EU, pleaze?
Random #SelfHosting tip for any who might be interested:
If you use #GetSSL to get your #LetsEncrypt certs, you'll get four files:
* The key (example.com.key)
* The domain cert (example.com.crt)
* The CA cert (chain.crt)
* The "full chain" cert (fullchain.crt)
Make sure to use the full chain cert, *not* the domain cert, when setting up your server. Otherwise some services will give you "unknown authority" errors.
#Nextcloud on a #RaspberryPi is very tricky when you change something. I had it running wonderfully for a few days, then after a lot of research I changed the port forwarding (#Portfreigabe) on the #Fritzbox to get an SSL certificate from #Letsencrypt - now the ports are open, but the certificate still doesn't work and #Apache no longer runs either. I can't make sense of it right now and wonder how much more time I want to spend on it. Anyone here with experience?
#unplugtrump
Built a bit of intranet tooling in recent weeks. I had #certbot renew our wildcard #LetsEncrypt certificate, but installing it on multiple internal services was a manual process. So I made an #Ansible playbook, but still had to run it manually. When? A cron job was checking the TLS certificate of our intranet every week. If its validity was less than 3 weeks I got an alert via healthchecks.io.
Only today I realised that certbot can run the playbook directly as a deploy hook...
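The weekly validity check described in the post above, as an added example that is not part of the original post or the poster's tooling: it connects to a server, reads the certificate's `notAfter` date and flags it when fewer than 3 weeks remain. The host name `intranet.example` and the sample date are constructed placeholders; how the alert is delivered is left to whatever wraps the exit code.

```python
import socket
import ssl
import sys
import time

ALERT_THRESHOLD_DAYS = 21  # "less than 3 weeks", the threshold from the post


def days_left(not_after, now=None):
    """Days until notAfter, given in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


def needs_alert(not_after, now=None, threshold=ALERT_THRESHOLD_DAYS):
    """True when the certificate has fewer than `threshold` days left."""
    return days_left(not_after, now) < threshold


def check_host(host, port=443, timeout=10):
    """Return (alert, message) for the certificate a live server presents."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Already expired, or the server sends an incomplete chain.
        return True, f"{host}: verification failed: {exc.verify_message}"
    except OSError as exc:
        return True, f"{host}: connection failed: {exc}"
    remaining = days_left(not_after)
    return needs_alert(not_after), f"{host}: {remaining:.1f} days left"


# Constructed sample value, not taken from a real certificate.
SAMPLE_NOT_AFTER = "Jun 30 12:00:00 2025 GMT"

if __name__ == "__main__":
    # "intranet.example" is a placeholder host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "intranet.example"
    alert, message = check_host(target)
    print(message)
    sys.exit(1 if alert else 0)  # non-zero exit lets cron or a wrapper alert
```

Because the check uses a verifying TLS context, a server that presents only the domain certificate without its chain is reported as a verification failure rather than silently passing.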
An Executive Order from #Trump blocks payments to the #OpenTechnologyFund. Critical #FOSS services such as #FDroid, #TOR and #LetsEncrypt depend on them. We need a serious commitment from the European Union to develop FOSS alternatives as soon as possible; it is seriously a matter of security far more than of principle.
https://www.dday.it/redazione/52530/trump-fara-saltare-il-negozio-open-source-android-f-droid-e-la-rete-tor
Let's Encrypt
In https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719 @aral wants us to pay taxes to keep Let's Encrypt "alive". Here's another reason NOT to do that.
Apparently the *.eu.org domain needed laundering because its reputation became too bad. So scammers create zillions of insane domain names and obtain *FREE* (for them) certificates for those sites. Usually such sites are not malicious; they're intended to have virus scanners remove detection, eventually for the sub-TLD ".eu.org".
To see this, you may consider opening
https://crt.sh?q=eu.org
but that will fail because there are WAY too many results.
To restrict the number of records, try a subdomain name and further restrict output by deduplicating and restricting to not expired, as follows:
https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y
The screenshot below gives an idea (they're all Let's Encrypt certs by the way, and I marked one with an insane domain name).
I wrote about this phenomenon before, e.g. in https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___ (at the time I did not understand why yet).
VirusTotal knows of 72.5K direct subdomains of *.eu.org:
"Subdomains (72.5 K)"
(open the RELATIONS tab in https://www.virustotal.com/gui/domain/eu.org/).
Ah, zerossl comes from Austria and sounds interesting too. However, if I test them now as well, I'll probably have to stay there for the next few weeks, because I'm slowly running into the limits at #letsencrypt ;) ...
So, it works great, but I have nevertheless switched back to #letsencrypt for now. The reason is a change of ownership at buypass and still-outstanding information about how things will continue with the free certificate. As soon as that is available and positive, I will really switch to buypass.
»Uncertainty – US cost-cutting frenzy endangers open-source projects important to the internet:
The new US government is withdrawing funding from the Open Technology Fund (OTF). Among others, @letsencrypt, @torproject and @fdroidorg depend on it financially. The OTF has filed a lawsuit«
Very delicate, and it affects, even if "only" indirectly, all people on Earth. The egoism of one madman can affect us all!
Instead of relying on the US, the @EUCommission could have spent the equivalent of one or two state dinners on creating an EU based alternative to #LetsEncrypt. They still can :) cc @EC_DIGIT
If #LetsEncrypt should go under: where else can you get free certificates?
#DerStandard:
"
Trump's cost-cutting frenzy endangers open-source projects important to the internet
The new US government is withdrawing funding from the Open Technology Fund. Among others, Let’s Encrypt, Tor and F-Droid depend on it financially. The OTF has filed a lawsuit
"
https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article
30.3.2025
While F-Droid is important for Android users, I use UbuntuTouch.
I did make my first contribution to UBPorts, which makes my phone OS, which is a FOSS alternative to Android.
I do use Tor, and I run a 2 MB/s Tor relay on a high bandwidth server I rent on DigitalOcean in the (possibly) eco-friendly LON1 cluster as my form of contribution to the Tor project.
I also made my first annual donation to LetsEncrypt, which I do use on ~20 of my websites.
After #Trump's decree: fight for US funding for #Tor, #FDroid and #LetsEncrypt
Ok.. it actually is that simple: https://medium.com/@mariovanrooij/adding-https-to-fastapi-ad5e0f9e084e
I don't know how many times I screwed that up in so many mysterious ways - mainly 'cause I was trying *somehow* to not have to run my script as root. It feels strange to run anything as root - you just don't do that, right?
But fine... #LetsEncrypt is pretty easy and awesome. It solves my #Firefox's fear of my little VM. I like to see machines getting along.
I just received a concerning email from the OTF (@opentechfund.bsky.social) stating that a major source of their funding is in jeopardy.
If you care about open-source, anti-censorship, or the open internet, please consider supporting one of the projects they fund.
#FOSS #OpenSource #TechNews
#USPol #Politics #News #PoliticalNews
#NetNeutrality #EFF
#Wikimedia #Signal #SignalApp
#TOR #TAILs #OpenVPN #VPN #LetsEncrypt #HTTPS #SSL
#Censorship #AntiCensorship
"French government conducts phishing test on 2.5 million students"
https://www.security.nl/posting/881630/Franse+overheid+voert+phishingtest+uit+op+2%2C5+miljoen+leerlingen
INSANE!
It is usually impossible to reliably distinguish fake messages (e-mail, SMS, chat app, social media and paper mail - see picture) from real ones.
However, plenty can be done against phishing and especially fake websites, as I described once again today in https://security.nl/posting/881655.
(Big Tech and lazy website administrators don't want that, so it is and remains an enormous fight).
@cquest @torproject @fdroidorg @quad9dns So then? What are the conclusions of this search for an alternative to #letsencrypt?
A while ago I was looking at how to replace, if needed, the dependency on #letsencrypt (answer here: https://community.buypass.com/t/k9r5cx/get-started)
I didn't know about the Open Technology Forum and the USAGM, organizations that help fund Letsencrypt, but also @torproject, @fdroidorg, OpenVPN, Tails, Lantern or @quad9dns (9.9.9.9).
A Trumpian decree has just called all of that into question...
https://www.washingtonpost.com/technology/2025/03/20/trump-ends-internet-access-china-iran-otf/
Heads up! #LetsEncrypt is ending certificate expiry email notifications!