by DarthGhandi
2342 days ago
How would you propose a 3rd party intermediary provide secure end to end encryption without you creating a client side cert? Takes 30 seconds with letsencrypt to create your own TLS cert. If you are suggesting CF do it server side then it's nothing more than snakeoil.
You know very well that's not true, and that kind of exaggeration does Let's Encrypt no favours. I'm sure it doesn't take long when it just works, but when I've used the acme client before on systems with Apache and nginx, it was a complete PITA to get working. I haven't had to use it for a while though, so newer versions of the acme client might well be much better.
> If you are suggesting CF do it server side then it's nothing more than snakeoil
No, I didn't mean that.
What I meant was something simpler than Let's Encrypt, where you didn't need to expose an HTTP endpoint on your server for proof of domain ownership, since Cloudflare already know you control particular domain names and no further validation is needed.
Perhaps they could provide a one-time use GUID, which you'd pass to a simple client on your server, which could then send a CSR containing that GUID to a Cloudflare endpoint, which would in turn sign your CSR.