by lessclue 3022 days ago
Whoa, interesting. Does this differ from LetsEncrypt?
2 comments

It's backed by Comodo :D

I certainly don't like the complete lack of information on the webpage though...

Looks like DigiCert and not Comodo.
> "CertCenter is a Master Reseller for DigiCert Encryption Everywhere."

You are right; I mistook one of their blog posts about adding Comodo as a partner, but it appears to be a separate product... not that it makes me feel any better.

The 12 month validity - which means it's way more useful if you want to pin certificates in a mobile app...
How so? You pin the public key part in the cert not the whole cert itself. The key you use (should) stay the same.
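
The distinction drawn in the reply above, shown as an added example that is not part of the original thread: a pin over the public key survives a renewal that reuses the key, while a hash of the whole certificate does not. It assumes the `openssl` CLI is on the PATH; the function names, the throwaway keys and the CN `pin-demo.example` are constructed for the demo.

```shell
#!/bin/sh
# Added illustration: every key and certificate here is a throwaway value
# generated for this demo (pin-demo.example is a placeholder name).

# Base64 SHA-256 of the SubjectPublicKeyInfo: what a public-key pin stores.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# Base64 SHA-256 of the whole DER certificate: what a certificate pin stores.
cert_pin() {
    openssl x509 -in "$1" -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# Generate a P-256 private key at path $1.
new_key() { openssl ecparam -genkey -name prime256v1 -noout -out "$1" 2>/dev/null; }

# Self-signed certificate for key $1, written to $2, valid for $3 days.
issue_cert() {
    openssl req -new -x509 -key "$1" -out "$2" -days "$3" \
        -subj "/CN=pin-demo.example" 2>/dev/null
}

same() { [ "$1" = "$2" ] && echo same || echo changed; }

# $1 = label, $2 and $3 = certificates to compare under both pin types.
compare() {
    echo "$1: spki=$(same "$(spki_pin "$2")" "$(spki_pin "$3")")" \
         "cert=$(same "$(cert_pin "$2")" "$(cert_pin "$3")")"
}

# Shows how each pin type behaves across a renewal and a key rotation.
pin_demo() {
    d=$(mktemp -d) || return 1
    new_key "$d/k1.pem" && new_key "$d/k2.pem" || return 1
    issue_cert "$d/k1.pem" "$d/old.pem" 90        # original certificate
    issue_cert "$d/k1.pem" "$d/renewed.pem" 365   # renewal, same key
    issue_cert "$d/k2.pem" "$d/rotated.pem" 365   # renewal, new key
    compare renewal "$d/old.pem" "$d/renewed.pem"
    compare rotation "$d/old.pem" "$d/rotated.pem"
    rm -rf "$d"
}

pin_demo
```

An app that pins the SPKI value keeps working across the same-key renewal and breaks only on key rotation, which is why pinned deployments usually ship a backup pin for the next key.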
This is huge. And a killer difference. This means you can bake these certificates into Docker images as well.
PSA: Don't do this. Secrets don't belong in Docker images, they belong in proper secret management tools.
I get what you mean - I would say that not everyone has a devops team and is setting up a whole bunch of infrastructure. I would rather recommend an SSL certificate baked into a Docker image (stored in a private registry) versus no HTTPS at all.

Even if you use a secrets management tool, there are very few (probably none) that can bootstrap a Let's Encrypt API. So this new one makes that possible as well.

If you want something simple, how about just installing nginx on the host to forward-proxy your Docker container?
But how is that more secure or simpler than running a Docker image?

To set up nginx on my host, I would still have to store the certificates somewhere, right?

Docker is not what is making this thing complicated.