How to Deploy #LDAP Server and Client on Rocky Linux #VPS (389 Directory Server Guide) Below is a comprehensive, step-by-step guide to deploying the 389 Directory Server on Rocky Linux VPS instances, and configuring a separate Rocky Linux machine as an LDAP client.

It covers everything from package installation and initial instance setup, through ...
Continued https://blog.radwebhosting.com/how-to-deploy-ldap-server-and-client-on-rocky-linux-vps-389-directory-server-guide/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #opensource #directoryserver #selfhosted #letsencrypt #security #selfhosting #identitymanagement #rockylinux

Weird thing that `certbot delete`seems to be the simplest and fastest command to get a list of the #letsencrypt certificates my web server manages.

UPDATE: Thx to the replies, I implemented the change for all my domains, did a `certbot renew --dry-run` and that succeeded. Yay to a cleaner config :)

#NerdQuestion. When I move {server [...] } blocks in `/etc/nginx/nginx.conf` to separate files in the `/etc/nginx/conf.d` directory, will certbot still find them and will automatic renewals just keep working as before? Anyone with experience on that?

Just requested that Auto Encrypt¹ is added to the list of @letsencrypt clients for Node.js and that Kitten² is added to the list of projects that integrate Let’s Encrypt support:

• https://github.com/letsencrypt/website/pull/1921
• https://github.com/letsencrypt/website/pull/1922

I originally requested that Auto Encrypt and Site.js (the precursor to Kitten, now sunset) be added to the list in 2021. It was not approved (no reason given), so hopefully this time will be different.

https://github.com/letsencrypt/website/pull/1203

¹ https://codeberg.org/small-tech/auto-encrypt
² https://kitten.small-web.org

Auto Encrypt – heads up!

In the next minor version release of Auto Encrypt¹, we’ll be moving from a hard-coded date-based certificate renewal check to using ACME Renewal Information (ARI)².

The change³ should be seamless.

If you have any concerns, now is the time to raise them :)

#AutoEncrypt #TLS #LetsEncrypt #SmallTech #SmallWeb

¹ Drop-in Node.js https server replacement that automatically provisions and renews Let’s Encrypt certificates for you. (https://codeberg.org/small-tech/auto-encrypt#auto-encrypt)
² https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
³ https://codeberg.org/small-tech/auto-encrypt/src/branch/main/CHANGELOG.md#4-4-0-2025

How to Install #PeerTube on #Ubuntu VPS

This article provides an in-depth guide demonstrating how to install PeerTube on Ubuntu VPS.
What is PeerTube?
PeerTube is a decentralized, federated video hosting platform powered by WebTorrent and ActivityPub. It enables users to self-host video services and interact with other PeerTube ...
Continued https://blog.radwebhosting.com/how-to-install-peertube-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #selfhosted #nodejs #vpsguide #opensource #letsencrypt #fediverse #decentralized #installguide #selfhosting #videostreaming

Dinge um die ich als IT Entscheidender einen großen Bogen mache:

- #broadcom
- #hp
- #lenovo
- #lancom
- Eigene #mailserver
- Telefonanlagen-Dienstleister
- proprietäre Security (Firewall, SIEM, etc.)
- Windows (sofern Möglich)
- #office365 (oder wie auch immer das diese Woche heißt)
- #sap
- Datenverarbeitung auf Android
- Port Forwards
- #docker
- Cloud/SaaS Dienste
- Tageslicht
- GData, Symantec etc.
- GoDaddy und Co.
- Zertifikate zum Kauf #letsencrypt

Wie sieht eure Liste so aus?

To all the people upset about #letsencrypt removing TLS Client Auth support from certificates, yes it sucks, but please direct your anger at Google who initiated this change. LetsEncrypt cannot exist if the biggest browser doesn't accept their certificates. Yell at Google, Not LE please.

Hej - finally #letsencrypt is able to learn!
Ending TLS Client Authentication Certificate Support in 2026 - Let's Encrypt
https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/

I am totally sure (sarcasm included) that #Google has totally overseen that their planned changes to their root program requirements will cause a lot of problems for mailserver owners like me who in future might run into weird problems with #Letsencrypt certificates for SMTP. I am sure that Google is absolutely not trying to make running your own mailserver even more complicated just to protect their gmail business. That would be totally not how Google thinks, amirite? https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/

Dear #Letsencrypt, you helped secure millions and millions of servers, not just web servers. But your announcement at https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/ about ending Ending TLS Client Authentication Certificate Support in 2026 because Google changes their requirements would result in your certificates becoming a possible risk for ensuring SMTP traffic. Please think again. Please.

1/5

What the actual fuck, #LetsEncrypt‽

Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026.

That makes them unusable for SMTP servers. Gah!

Anyone got a usable alternative that doesn’t ruin financially?

Update: I’m in communication with them, let’s hope they recognise the usefulness.

OMG. I figured out how to auto-update the SSL certificate for https://onepage.pub/ using https://cert-manager.io . What a lifesaver! #k8s #letsencrypt

Dropped a new Blogpost https://tinfoil-hat.net/posts/proxmox-server-vps-single-ip/

Please tell me what you think about it :-)

New Kitten Release

To OCSP¹ or not to OCSP…

• Turns on OCSP support in the server only if the site’s certificate has the OCSP stapling extension.

This is to support both servers that still have OCSP stapling in their certs as well as new ones that don’t. (Let’s Encrypt sunset OCSP support yesterday and there is a transitionary period where Kitten servers will have both types of certificates. This update is to ensure we support both without issues.)

https://kitten.small-web.org

Also updated, if you’re interested in playing lower in the stack:

• @small-tech/https: https://codeberg.org/small-tech/https
• @small-tech/auto-encrypt: https://codeberg.org/small-tech/auto-encrypt

Enjoy!

¹ Online Certificate Status Protocol (https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). Yes, I hate abbreviations too :)