Hacker News new | comments | ask | show | jobs | submit login

After trying a few other Clients, which all were too complicated to get to work on my ancient Debian, i sucessfully used this one. I only needed to patch some sting formatting (replace {} with {0}, {1} etc). And install argparse from pip.

Debian stable (jessie) and oldstable (wheezy) both have python 2.7, which supports the {} syntax. Why are you still running Debian oldoldstable (squeeze) or older? The standard security support ended long ago, and even the LTS security support ends in February 2016.

It still works and because LTS only ends Februar 2016. never change a running system.

This implies you are using Python 2.6; note other comments about the lack of certificate verification. Consider generating the signing request on your own PC instead, but note you should still generate the keys on the server.

The problem with security is that whilst it may not appear to matter, lots of little holes can add up to one big one. For example, MITM implies you can't trust the data you're getting back...

MITM is really absolutely not a Problem here, there is no private data transmitted.

Someone else here points out that a MITM to Let's Encrypt could cause you to host someone else's ownership challenge for the domain, thus the attacker could use you to prove the attacker controls your domain name.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact