Getting Let's Encrypt Wildcard Certificates
#31
@Melvin

Do you know what SSL/TLS certificates are? These are certificates to encrypt traffic of web servers and mail servers and to verify the identity of websites or clients. They will not work with game servers or other applications. They will not protect anything from DoS/DDoS because they aren't made for this purpose.

So no wonder you "face a lot of issues". I don't know what you're trying to do exactly but based on your question... it will most likely not work.
#32
@Hidden Refuge
I knew that SSL/TLS certificates give your domain HTTPS and protection. What I was thinking was that it protects you from DDoS, but it's okay, now I understand the function of it and what it does exactly. I'm asking, what about Cloudflare? It provides these certificates and I saw a lot of famous sites using it. And you know that Cloudflare provides protection to your website, that's why I mixed your tutorial with DDoS attacks. Do you recommend using Cloudflare?

#33
@Melvin

Cloudflare offers certificates for HTTPS service when you use their CDN service (reverse proxy) for your site. In that case the certificate is installed on their servers instead of on your server in the most common mode. They have other modes where you can additionally install a certificate on your server to also encrypt communication between Cloudflare and your server. All of that might sound good and awesome because it is for free, right? Especially when Cloudflare offers free wildcard certificates for your whole domain.

I would however not recommend using Cloudflare together with their CDN and HTTPS service if you value real security and privacy. Cloudflare sits between your visitors and your servers. So they are a "man in the middle" and a man in the middle can decrypt traffic from both sides and modify it how they wish before encrypting it again and sending it back. This is a huge security risk and also a violation of privacy. This MITM (man in the middle) attack can be used to steal information or inject malicious code into websites (including possible viruses, malware and similar).

I only use Cloudflare for their DNS hosting because they provide free anycast DNS with a lot of locations worldwide, a proper API and support for a lot of DNS records including DNSSEC (mechanism to introduce more security in the DNS system). Now if you don't use Cloudflare's CDN service you get no DoS/DDoS protection at all because your server is no longer hidden behind the Cloudflare reverse proxy.

And you should take their DDoS protection with a grain of salt as a free user! They can turn it off whenever they want (e.g. when the attack becomes too big). As a free user the protection also only applies to websites. If you are a paid user however you can hide quite a bit more than just websites behind their protection and you get guaranteed protection. The paid plans however are quite expensive.

TL;DR: Cloudflare CDN and their HTTPS function shouldn't be used if real security and privacy are valued. The DDoS protection that comes with the free plan is not to be taken for granted and might be turned off at the slightest attack. Free users can only hide their websites behind the protection and nothing else.


This is getting off-topic. Nothing about Let's Encrypt or this tutorial. Please stay on-topic or staff will close this quickly. Thank you.
#34
(05-01-2019, 11:50 AM)Hidden Refuge Wrote: @Kururin

Thank you for sharing this information. Unfortunately the API of 1984.is is so limited that it is only able to update an A record value for an existing A record of a domain. So using it with the services from the information you provided is impossible, sadly. So I did something I didn't really like... I moved my domain DNS hosting to Cloudflare for DNS hosting only (not going to use any other features of their service). I will take a look at the lego acme client for automated renewal and update of DNS records.

Yeah, unfortunately those registrars don't support API keys. I would want to suggest DNS.HE.NET to you, but I am not sure if it has any API feature that auto-updates records?