Learn about Centmin Mod LEMP Stack today
Register Now

Letsencrypt Letsencrypt Free SSL Public Beta December 3th 6PM GMT

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Dec 3, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Letsencrypt will open up public beta for issuing free SSL certificates to the public on December 3th at 6PM GMT time. Status page Let's Encrypt Status

    Letsencrypt Notes


    Letsencrypt public rate limits have been increased Rate Limits for Let's Encrypt - Documentation - Let's Encrypt Community Support

    This thread is for discussion amongst Centmin Mod members. Centmin Mod Letsencrypt integration is still a work in progress at centminmod.com/letsencrypt-freessl.html so not really ready for the public beta launch which will happen within the next 15hrs or so :)

    Feel free to post any blog posts, articles or news you come across regarding Letsencrypt and it's public beta launch in this thread :D
     
    Last edited: Mar 27, 2016
  2. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
    I tried Letsencrypt on Windows XP latest SP3 machine and it didn't work even on latest chrome.
    So I prefer Cloudflare for now :).
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  4. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
    upload_2015-12-3_12-38-48.png

    Not working on Chrome Version 47.0.2526.73 m.
     
  5. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
    Works fine on Firefox 42
    upload_2015-12-3_12-40-56.png
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
    Any other domain I can test?
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    They all use same ssl cipher preferences so will be same result heh - bye bye WinXP :)
     
  9. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
    Haha, no way, I have 10% XP user's.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    then you need to edit your ssl protocol and ssl ciphers afterwards :)
     
  11. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Heads up on initial public beta's rate limits in place at Public beta rate limits - Issuance Tech Questions - Let's Encrypt Community Support

     
    Last edited: Dec 4, 2015
  12. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    News
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Just trying out Centmin Mod's Letsencrypt integration on 123.09beta01le branch running the previously generated le12.http2ssl.xyz cronjob manually. Switched to public beta API server endpoint instead of staging so get valid fully web browser trusted SSL certificate

    previous le12.http2ssl.xyz SSL certificate expiry date
    Code:
    ./expirydate.sh
    
    /etc/letsencrypt/live/le10.http2ssl.xyz/cert.pem
    certificate expires in 71 days on 13 Feb 2016
    
    /etc/letsencrypt/live/le11.http2ssl.xyz/cert.pem
    certificate expires in 81 days on 23 Feb 2016
    
    /etc/letsencrypt/live/le12.http2ssl.xyz/cert.pem
    certificate expires in 82 days on 24 Feb 2016
    re-run previously generated le12.http2ssl.xyz cronjob manually
    Code:
    bash /usr/local/nginx/conf/ssl/le12.http2ssl.xyz/letsencrypt-le12.http2ssl.xyz-cron
    
    IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/le12.http2ssl.xyz/fullchain.pem. Your cert
       will expire on 2016-03-02. To obtain a new version of the
       certificate in the future, simply run Let's Encrypt again.
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    Reloading nginx:                                           [  OK  ]
    new expiry date
    Code:
    ./expirydate.sh
    
    /etc/letsencrypt/live/le10.http2ssl.xyz/cert.pem
    certificate expires in 71 days on 13 Feb 2016
    
    /etc/letsencrypt/live/le11.http2ssl.xyz/cert.pem
    certificate expires in 81 days on 23 Feb 2016
    
    /etc/letsencrypt/live/le12.http2ssl.xyz/cert.pem
    certificate expires in 89 days on 2 Mar 2016
    End result working Centmin Mod Nginx HTTP/2 SSL site using a free Letsencrypt SSL certificate https://le2.http2ssl.xyz :D

    SSLLabs dev test SSL Server Test: le12.http2ssl.xyz (Powered by Qualys SSL Labs)

    upload_2015-12-4_4-45-28.png

    cipherscan test
    Code:
    cipherscan le12.http2ssl.xyz:443
    ............................
    Target: le12.http2ssl.xyz:443
    
    prio  ciphersuite                  protocols              pfs                 curves
    1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                ECDH,P-256,256bits  prime256v1
    2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
    3     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                ECDH,P-256,256bits  prime256v1
    4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2                DH,2048bits         None
    5     DHE-RSA-AES256-GCM-SHA384    TLSv1.2                DH,2048bits         None
    6     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
    7     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    8     ECDHE-RSA-AES256-SHA384      TLSv1.2                ECDH,P-256,256bits  prime256v1
    9     ECDHE-RSA-AES256-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    10    DHE-RSA-AES128-SHA256        TLSv1.2                DH,2048bits         None
    11    DHE-RSA-AES128-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    12    DHE-RSA-AES256-SHA256        TLSv1.2                DH,2048bits         None
    13    DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    14    AES128-GCM-SHA256            TLSv1.2                None                None
    15    AES256-GCM-SHA384            TLSv1.2                None                None
    16    AES128-SHA256                TLSv1.2                None                None
    17    AES256-SHA256                TLSv1.2                None                None
    18    AES128-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    19    AES256-SHA                   TLSv1,TLSv1.1,TLSv1.2  None                None
    
    Certificate: trusted, 2048 bits, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 3600
    OCSP stapling: supported
    Cipher ordering: server
    Curves ordering: server - fallback: no
    Server supports secure renegotiation
    Server supported compression methods: NONE
    TLS Tolerance: yes
    testssl test
    Code:
    testssl le12.http2ssl.xyz:443
    
    ###########################################################
        testssl       2.7dev from https://testssl.sh/dev/
        (1.423 2015/11/28 16:33:09)
    
          This program is free software. Distribution and
                 modification under GPLv2 permitted.
          USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!
    
           Please file bugs @ https://testssl.sh/bugs/
    
    ###########################################################
    Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)
    
    SSLv2      not offered (OK)
    SSLv3      not offered (OK)
    TLS 1      offered
    TLS 1.1    offered
    TLS 1.2    offered (OK)
    SPDY/NPN   h2, http/1.1 (advertised)
    
    Testing ~standard cipher lists
    
    Null Ciphers                 not offered (OK)
    Anonymous NULL Ciphers       not offered (OK)
    Anonymous DH Ciphers         not offered (OK)
    40 Bit encryption            not offered (OK)
    56 Bit encryption            not offered (OK)
    Export Ciphers (general)     not offered (OK)
    Low (<=64 Bit)               not offered (OK)
    DES Ciphers                  not offered (OK)
    Medium grade encryption      not offered (OK)
    Triple DES Ciphers           not offered (OK)
    High grade encryption        offered (OK)
    
    
    Testing (perfect) forward secrecy, (P)FS -- omitting 3DES, RC4 and Null Encryption here
    
    PFS is offered (OK)  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA
    
    
    Testing server preferences
    
    Has server cipher order?     yes (OK)
    Negotiated protocol          TLSv1.2
    Negotiated cipher            ECDHE-RSA-CHACHA20-POLY1305, 256 bit ECDH
    Cipher order
         TLSv1:     ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA
         TLSv1.1:   ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-SHA AES256-SHA
         TLSv1.2:   ECDHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
         h2:        ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
         http/1.1:  ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA
    
    
    Testing server defaults (Server Hello)
    
    TLS server extensions (std)  "server name" "renegotiation info" "EC point formats" "session ticket" "status request" "next protocol"
    Session Tickets RFC 5077     3600 seconds (PFS requires session ticket keys to be rotated <= daily)
    SSL Session ID support       yes
    Server key size              2048 bit
    Signature Algorithm          SHA256 with RSA
    Fingerprint / Serial         SHA1 815EB565DAC210C4CECAFE125899374786BFE2D1 / 0195E067A220D2083468AA50F1FAD06977FB
                                  SHA256 8804577F5FBC9B2F8A3F71693EE02FA8032B00E58F6EA3F94DA8044728ACE041
    Common Name (CN)             "le12.http2ssl.xyz" (CN in response to request w/o SNI: "le10.http2ssl.xyz")
    subjectAltName (SAN)         "le12.http2ssl.xyz"
    Issuer                       "Let's Encrypt Authority X1" ("Let's Encrypt" from "US")
    EV cert (experimental)       no
    Certificate Expiration       >= 60 days (2015-12-03 17:39 --> 2016-03-02 17:39 +0000)
    # of certificates provided   2
    Chain of trust (experim.)    "/usr/bin/etc/*.pem" cannot be found / not readable
    Certificate Revocation List  --
    OCSP URI                     http://ocsp.int-x1.letsencrypt.org/
    OCSP stapling                offered
    TLS timestamp                random values, no fingerprinting possible
    
    
    Testing HTTP header response @ "/"
    
    HTTP Status Code             200 OK
    HTTP clock skew              0 sec from localtime
    Strict Transport Security    --
    Public Key Pinning           --
    Server banner                nginx centminmod
    Application banner           --
    Cookie(s)                    (none issued at "/")
    Security headers             --
    Reverse Proxy banner         --
    
    Testing vulnerabilities
    
    Heartbleed (CVE-2014-0160)                not vulnerable (OK) (no heartbeat extension)
    CCS (CVE-2014-0224)                       not vulnerable (OK)
    Secure Renegotiation (CVE-2009-3555)      not vulnerable (OK)
    Secure Client-Initiated Renegotiation     not vulnerable (OK)
    CRIME, TLS (CVE-2012-4929)                not vulnerable (OK)
    BREACH (CVE-2013-3587)                    no HTTP compression (OK)  - only supplied "/" tested
    POODLE, SSL (CVE-2014-3566)               not vulnerable (OK)
    TLS_FALLBACK_SCSV (RFC 7507), experim.    Downgrade attack prevention supported (OK)
    FREAK (CVE-2015-0204)                     not vulnerable (OK)
    LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK), common primes not checked. See below for any DH ciphers + bit size
    BEAST (CVE-2011-3389)                     TLS1: AES128-SHA DHE-RSA-AES128-SHA
                                                     AES256-SHA DHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
                                                     ECDHE-RSA-AES256-SHA
                                               VULNERABLE -- but also supports higher protocols (possible mitigation): TLSv1.1 TLSv1.2
    RC4 (CVE-2013-2566, CVE-2015-2808)        no RC4 ciphers detected (OK)
    
    
    Testing all 181 locally available ciphers against the server, ordered by encryption strength
    
    Hexcode  Cipher Suite Name (OpenSSL)    KeyExch.   Encryption Bits
    -------------------------------------------------------------------------
    xcc13   ECDHE-RSA-CHACHA20-POLY1305    ECDH 256   ChaCha20   256                                                                                
    xc030   ECDHE-RSA-AES256-GCM-SHA384    ECDH 256   AESGCM     256                                                                                
    xc028   ECDHE-RSA-AES256-SHA384        ECDH 256   AES        256                                                                                
    xc014   ECDHE-RSA-AES256-SHA           ECDH 256   AES        256                                                                                
    x9f     DHE-RSA-AES256-GCM-SHA384      DH 2048    AESGCM     256                                                                                
    x6b     DHE-RSA-AES256-SHA256          DH 2048    AES        256                                                                                
    x39     DHE-RSA-AES256-SHA             DH 2048    AES        256                                                                                
    x9d     AES256-GCM-SHA384              RSA        AESGCM     256                                                                                
    x3d     AES256-SHA256                  RSA        AES        256                                                                                
    x35     AES256-SHA                     RSA        AES        256                                                                                
    xc02f   ECDHE-RSA-AES128-GCM-SHA256    ECDH 256   AESGCM     128                                                                                
    xc027   ECDHE-RSA-AES128-SHA256        ECDH 256   AES        128                                                                                
    xc013   ECDHE-RSA-AES128-SHA           ECDH 256   AES        128                                                                                
    x9e     DHE-RSA-AES128-GCM-SHA256      DH 2048    AESGCM     128                                                                                
    x67     DHE-RSA-AES128-SHA256          DH 2048    AES        128                                                                                
    x33     DHE-RSA-AES128-SHA             DH 2048    AES        128                                                                                
    x9c     AES128-GCM-SHA256              RSA        AESGCM     128                                                                                
    x3c     AES128-SHA256                  RSA        AES        128                                                                                
    x2f     AES128-SHA                     RSA        AES        128
    
    curl over HTTP/1.1 and HTTP/2
    Code:
    curl -I https://le12.http2ssl.xyz   
    HTTP/1.1 200 OK
    Date: Thu, 03 Dec 2015 18:53:55 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 1374
    Last-Modified: Thu, 26 Nov 2015 06:19:37 GMT
    Connection: keep-alive
    ETag: "5656a479-55e"
    Server: nginx centminmod
    Expires: Fri, 04 Dec 2015 18:53:55 GMT
    Cache-Control: max-age=86400
    Cache-Control: public, must-revalidate, proxy-revalidate
    Accept-Ranges: bytes
    http2 flag only supported in curl version with nghttp2 library which is a pain to install on CentOS so I use my Docker nghttp2 image via Ubuntu 15 which has all the SSL/TLS and HTTP/2 tools bundled together :)
    Code:
    curl -I --http2 https://le12.http2ssl.xyz    
    HTTP/2.0 200
    date:Thu, 03 Dec 2015 18:54:09 GMT
    content-type:text/html; charset=utf-8
    content-length:1374
    last-modified:Thu, 26 Nov 2015 06:19:37 GMT
    etag:"5656a479-55e"
    server:nginx centminmod
    expires:Fri, 04 Dec 2015 18:54:09 GMT
    cache-control:max-age=86400
    cache-control:public, must-revalidate, proxy-revalidate
    accept-ranges:bytes
    nghttp2 HTTP/2 client check = negotiated protocol = h2 = HTTP/2
    Code:
    nghttp -nv https://le12.http2ssl.xyz
    [  0.016] Connected
    The negotiated protocol: h2
    [  0.046] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
              (niv=3)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):2147483647]
              [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]
    [  0.046] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
              (window_size_increment=2147418112)
    [  0.046] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
              (niv=2)
              [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
              [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
    [  0.047] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.047] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
              (dep_stream_id=0, weight=201, exclusive=0)
    [  0.047] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
              (dep_stream_id=0, weight=101, exclusive=0)
    [  0.047] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
              (dep_stream_id=0, weight=1, exclusive=0)
    [  0.047] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
              (dep_stream_id=7, weight=1, exclusive=0)
    [  0.047] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
              (dep_stream_id=3, weight=1, exclusive=0)
    [  0.047] send HEADERS frame <length=44, flags=0x25, stream_id=13>
              ; END_STREAM | END_HEADERS | PRIORITY
              (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
              ; Open new stream
              :method: GET
              :path: /
              :scheme: https
              :authority: le12.http2ssl.xyz
              accept: */*
              accept-encoding: gzip, deflate
              user-agent: nghttp2/1.5.1-DEV
    [  0.061] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
              ; ACK
              (niv=0)
    [  0.061] recv (stream_id=13) :status: 200
    [  0.061] recv (stream_id=13) date: Thu, 03 Dec 2015 18:53:04 GMT
    [  0.061] recv (stream_id=13) content-type: text/html; charset=utf-8
    [  0.061] recv (stream_id=13) content-length: 1374
    [  0.061] recv (stream_id=13) last-modified: Thu, 26 Nov 2015 06:19:37 GMT
    [  0.061] recv (stream_id=13) etag: "5656a479-55e"
    [  0.061] recv (stream_id=13) server: nginx centminmod
    [  0.061] recv (stream_id=13) expires: Fri, 04 Dec 2015 18:53:04 GMT
    [  0.061] recv (stream_id=13) cache-control: max-age=86400
    [  0.061] recv (stream_id=13) cache-control: public, must-revalidate, proxy-revalidate
    [  0.061] recv (stream_id=13) accept-ranges: bytes
    [  0.061] recv HEADERS frame <length=287, flags=0x04, stream_id=13>
              ; END_HEADERS
              (padlen=0)
              ; First response header
    [  0.061] recv DATA frame <length=1374, flags=0x01, stream_id=13>
              ; END_STREAM
    [  0.061] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
              (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
     
    Last edited: Dec 4, 2015
  14. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: Dec 4, 2015
  15. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @RoldanLT regarding Letsencrypt and WinXP support even for WinXP SP3 see Which browsers and operating systems support Let's Encrypt - Server Configuration - Let's Encrypt Community Support

    Remember to check your Google Analytics web browser / OS breakdown profiles to see what your visitors are using OS/browser versions wise and decide whether supporting WinXP is needed still :)
    • 146,442/148,412 chrome browsers used by non-WInXP = 98.67%
    • 1,970/148,412 chrome browsers used by WinXP = 1.327%
    • 65,496/67,178 firefox used by non-WinXP = 97.450%
    • 1,682/67,178 firefox used by WinXP = 2.50%
    • 13,200/13,201 safari used by non-WinXP = 99..99%
    • 8,259/8,393 IE used by non-WinXP = 98.4%
    • 134/8,383 IE used by WinXP = 1.598%
    • 5,240/5,369 Opera used by non-WinXP = 97.597%
    • 129/5,369 Opera used by WinXP = 2.40%
    • Total WinXP OS portion = 1.6% of all browser sessions and just look at Avg Session Duration for WinXP browsers ;)

    dec4-2015-webbrowser-profiles-ga-00.png
     
    Last edited: Dec 4, 2015
  16. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Letsencrypt stats from Dec 2nd midnight to Dec 3rd midnight = ~9.3k certificates issued !

    upload_2015-12-4_10-10-17.png

    upload_2015-12-4_10-11-39.png
     
  17. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  18. rdan

    rdan Well-Known Member

    5,439
    1,398
    113
    May 25, 2014
    Ratings:
    +2,187
    Local Time:
    10:51 PM
    Mainline
    10.2
  19. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yup there's a list of 3rd party Letsencrypt client implementations at List of Client Implementations - Client Dev. However, I chose to use official LE client's webroot as it's maintained officially by Letsencrypt folks so will always get the most recent changes and updates first hand. Other 3rd party Letsencrypt clients do need to keep up and may get outdated as time goes by. I posted my concerns at Preventing Letsencrypt 3rd party clients going the Android way? too :)
     
    Last edited: Dec 8, 2015
  20. eva2000

    eva2000 Administrator Staff Member

    53,250
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    12:51 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+