LetsEncrypt提供免费的ssl证书进行加密,被迫吊销某些证书。
Boulder, CA. DNS CAA , , , 30 . , , CAA 8 , , , .
? N , CAA — Boulder N . , ( X+30 ) CAA, LetsEncrypt.
-, .
, :
# https
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
# @simpleadmin
echo | openssl s_client -connect example.com:443 |& openssl x509 -noout -serial
# , SMTP
openssl s_client -connect example.com:25 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
# , SMTP
openssl s_client -connect example.com:587 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
# , IMAP
openssl s_client -connect example.com:143 -starttls imap -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
# , IMAP
openssl s_client -connect example.com:993 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial\ Number | tr -d :
#
, — ().
certbot:
certbot renew --force-renewal
29 2020 , 3:10 UTC 5:22 UTC. 25 2019 , .
UPD: ip-.