<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><title>Lets Encrypt cert renewal and Website Redirect</title><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>It seems service providers on this list spend a lot of time tinkering with Lets Encrypt to keep it working. Out of curiosity, what is the reason not to just tell your customers to buy a cert from a certificate authority (one that actually charges money)? Yes, I realize certs expire, but on the timeframe of years, not months. Also the webhost doesn’t have to send emails, hope they work, etc. The customer give you the keys, you install them on the server.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m not arguing for one approach or the other, just want to know the reasoning behind incurring what is apparently a lot of trouble.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Blueonyx <blueonyx-bounces@mail.blueonyx.it> <b>On Behalf Of </b>Tobias Gablunsky<br><b>Sent:</b> Thursday, June 30, 2022 11:19 AM<br><b>To:</b> BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it><br><b>Subject:</b> [BlueOnyx:25485] Lets Encrypt cert renewal and Website Redirect<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'>Hi there,<o:p></o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'>how do you proceed to renew lets encrypt certificates for websites that are permanent redirects only? Because automatic renewal doesn't work - the requests from lets encrypt for their files under ".wellknown/..." are forwarded as every other request.<o:p></o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'>So I always deactivate the forwarding, renew the cert manually and re-activate it afterwards. But that's not how it's meant to be, is it?<o:p></o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'>From my point of view, this task has to be integrated into BlueOnyx: deactivate redirect -> renew certificate -> reactivate redirect. Don't you think so?<o:p></o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'><o:p> </o:p></span></p><p style='margin:0in'><span style='font-family:"Arial",sans-serif'>Regards,<br>Tobias<o:p></o:p></span></p></div></body></html>