Reasons to replace Let’s Encrypt
- Avoid the risk of the United States government banning Let’s Encrypt
- A smaller provider, or one made in the EU, is a good option to try
Buypass Go SSL
Buypass is a Norwegian company that offers a broad range of consumer and enterprise security and digital identity services. Their TLS/SSL certificates are free for one or more domains, just like Let’s Encrypt’s. Buypass Go SSL is the company’s SSL certificate product, issued through their Automated Certificate Management Environment (ACME) API, with a certificate lifetime of 180 days.
https://www.buypass.com/products/tls-ssl-certificates/go-ssl
Caddy configuration
Add the acme_ca option to the global options block at the top of your Caddyfile and restart the server.
    nano /etc/caddy/Caddyfile

    {
        acme_ca https://api.buypass.com/acme/directory
        email <[email protected]>
        # key_type rsa2048
    }
Manual setup
    apt-get remove certbot
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto

    ## Register with your email
    ./certbot-auto register -m '[email protected]' --agree-tos --server 'https://api.buypass.com/acme/directory'

    ## Request a valid certificate
    ./certbot-auto certonly --standalone --email '[email protected]' -d 'www.xxx.com' -d 'xxx.xxx.com' --server 'https://api.buypass.com/acme/directory'

    ## Crontab entry for renewal: this schedule runs every Monday at 05:00 (certificates are valid for 180 days)
    0 5 * * 1 /bin/bash ./certbot-auto certonly --standalone --email '[email protected]' -d 'www.xxxx.com' -d 'xxx.xxxx.com' --server 'https://api.buypass.com/acme/directory' > /dev/null
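
Both setups above change which CA has to be authorized in DNS: a CAA record that still names only Let’s Encrypt will block issuance from the new CA. The following is an added example (not code from this page, Buypass, Caddy or certbot) that evaluates a domain's CAA records against a CA's identities following RFC 8659. The record sets are constructed, the identity `buypass.com` is an assumption to confirm in the `meta.caaIdentities` field of the ACME directory, and locating the relevant record set by climbing the DNS tree is left out.

```python
# Added example: RFC 8659 CAA evaluation before switching CA. All records are constructed.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def issuer_domain(value):
    """Issuer domain of an issue/issuewild value, without its parameters ('ca.example; k=v')."""
    return value.split(";", 1)[0].strip().lower().rstrip(".")

def caa_allows(rrset, ca_identities, wildcard=False):
    """True if the relevant CAA RRset lets a CA with these identities issue.

    rrset: (flags, tag, value) tuples from the closest name that publishes CAA records.
    ca_identities: the CA's caaIdentities as listed in its ACME directory meta field.
    """
    records = [(flags, tag.lower(), value) for flags, tag, value in rrset]
    # An unrecognised property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    issuewild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no issue restriction published: any CA may issue
    wanted = {c.lower() for c in ca_identities}
    # An empty issuer domain (value ";") matches no CA at all.
    return any(bool(d) and d in wanted for d in relevant)

BUYPASS_IDS = ["buypass.com"]  # assumption: confirm against the directory's meta.caaIdentities
OLD_RRSET = [(0, "issue", "letsencrypt.org")]                              # constructed
NEW_RRSET = [(0, "issue", "letsencrypt.org"), (0, "issue", "buypass.com")]  # constructed

if __name__ == "__main__":
    for name, rrset in (("before", OLD_RRSET), ("after", NEW_RRSET)):
        verdict = "allowed" if caa_allows(rrset, BUYPASS_IDS) else "blocked"
        print(f"{name}: issuance by {BUYPASS_IDS[0]} is {verdict}")
```

Keeping both issuers in the record set during the migration lets either CA renew until the switch is complete.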
References
- https://n-bs-p.github.io/Caddy.html
- https://caddyserver.com/docs/caddyfile/options
- https://www.bleepingcomputer.com/news/security/github-suspends-accounts-of-russian-devs-at-sanctioned-companies/
- https://caddy.community/t/configure-key-type-to-use-when-creating-acme-account-for-using-buypass/9445