Dear colleagues, Some time ago, there was discussion on this list about deploying Letsencrypt certificates on anchors. We had said we would investigate the possibility of doing this. We are pleased to report that we have worked out how to do this seamlessly. Early next week, all RIPE Atlas anchors will switch to Letsencrypt certificates. Note that we will re-use the existing keys on the anchors to request the Letsencrypt certificates. The TLSA records of all anchors are pinned to these private keys, and so they will not change. Regards, Anand Buddhdev RIPE NCC
Dear Anand, As a big supporter of both Let's Encrypt and RIPE Atlas, this is great news! I'm happy to hear this, and appreciate the RIPE NCC's commitment to it. Best, -Michael On Fri, Dec 13, 2019 at 11:18 AM Anand Buddhdev <anandb@ripe.net> wrote:
Dear colleagues,
Some time ago, there was discussion on this list about deploying Letsencrypt certificates on anchors. We had said we would investigate the possibility of doing this.
We are pleased to report that we have worked out how to do this seamlessly. Early next week, all RIPE Atlas anchors will switch to Letsencrypt certificates. Note that we will re-use the existing keys on the anchors to request the Letsencrypt certificates. The TLSA records of all anchors are pinned to these private keys, and so they will not change.
Regards, Anand Buddhdev RIPE NCC
Excellent news, Anand - thanks a lot! Von meinem Android-Gerät gesendet. -----Original Message----- From: Anand Buddhdev <anandb@ripe.net> To: RIPE Atlas <ripe-atlas@ripe.net> Sent: Fr., 13 Dez. 2019 11:19 Subject: [atlas] Letsencrypt certificates on anchors Dear colleagues, Some time ago, there was discussion on this list about deploying Letsencrypt certificates on anchors. We had said we would investigate the possibility of doing this. We are pleased to report that we have worked out how to do this seamlessly. Early next week, all RIPE Atlas anchors will switch to Letsencrypt certificates. Note that we will re-use the existing keys on the anchors to request the Letsencrypt certificates. The TLSA records of all anchors are pinned to these private keys, and so they will not change. Regards, Anand Buddhdev RIPE NCC
participants (3)
-
Anand Buddhdev -
Carsten Schiefner -
Michael J. Oghia