Hey everyone! I'm trying to figure out how to handle the recent change to 47-day SSL certificates. I manage multiple clients with certs from various providers like GoDaddy, Sectigo, and Azure, and I'm in need of a solid automated solution. Half of my sites are on traditional VMs running IIS, while the other half are Windows-based Azure App Services utilizing Azure Key Vault for cert storage. I assume there's some automation available with Key Vault for the App Services, but I'm unsure how to tackle it for the VMs. I've looked into win-acme, but ran into issues loading the Key Vault plugins, and it doesn't seem ideal for enterprise use. I'm curious about how others are approaching this situation and would love to hear any software recommendations. I'm open to paid options, as long as they're reasonable!
1 Answer
For many folks, the shift towards shorter certificate lifespans has led to using free providers like Let's Encrypt. This change seems to disrupt traditional certificate businesses! Automating with Let's Encrypt works well for both internal and external sites, although some still rely on longer-lasting internal certs.
We're also using Cloudflare to issue short-lived certificates for external use. For internal, we stick with self-signed certs as long as our servers are secure. By the way, is Let's Encrypt just the local installation of their service?