Posted over 2 years ago. Visible to the public.

HTTPS / SSL

At makandra we can provide different solutions for HTTPS/SSL.

Let's Encrypt is a certificate authority that launched on April 12, 2016 that provides free X.509 certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the current complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites.

https://en.wikipedia.org/wiki/Let's_Encrypt

  • You can get certificates free of charge.
  • You don't have to worry about verification mails, expiring or reissuing certificates.
  • Everything is automated and monitored.
  • If your application need to get accessed by very old clients like old Java Versions, the certificate is perhaps not usable for you (see here).

There is one caveat: When one of your domains with Let's Encrypt is deleted or does not longer point to our IP and that change has not been communicated to us, the automated renewal of the certificate will stop working and thus the certificate will expire for all your applications after 30 to 60 days and all browsers will show an SSL certificate error.

Let makandra buy a certificate for you

  • If you need a special certificate (like a wildcard or EV certificate) or don't want to use Let's Encrypt we can buy and configure the certificate for you. Due to the complicated pricing model of ssl certificates please ask for a price list.
  • For the verification you need to have access to one of these email address of your domain:
    • admin@[yourdomain]
    • postmaster@[yourdomain]
    • hostmaster@[yourdomain]
    • webmaster@[yourdomain]
    • administrator@[yourdomain]

Buy a certificate yourself

  • You can also use an existing or self bought certificate.
  • Please talk with us about how to send us your certificate key. Do not send us the key of your certificate through an unencrypted channel.

Additional IP addresses for additional certificates

In the past we only allowed one certificate per IP because SNI support was not readily available. In the future we will automatically use multiple certificates per IP if needed. Please tell us if you are working with really old Software that does not support SNI (e.g. Java 1.6).

Owner of this card:

Avatar
Thomas Eisenbarth
Last edit:
1 day ago
by Marius Schuller
Posted by Thomas Eisenbarth to opscomplete
This website uses cookies to improve usability and analyze traffic.
Accept or learn more