[Raion]

Thanks to a generous donor, I have two years of a wildcard SSL to use for IRIXNet. This is kind of important because open fire does not work properly with 90-day SSL certificates so we should be good on our workflow from here on. Left me know if there's any issues.

[vishnu]

Hmm, weird, I buy my cert from pair networks and it's so cheap it's like they're givin' it away...

[Raion]

Wildcards can still get expensive.

[vishnu]

I didn't know that, I don't host any subdomains... 😜

[jan-jaap]

LetsEncrypt has offered free wildcard certificates for a couple of years now.

[Raion]

Nothing that was offered by the free certificate providers was going to work for irixnet's particular use case. Openfire does not store its certificates in a directory so I couldn't automate or script it, I would have to go in every 90 days and post it. There are also numerous other issues with 90 day domain validation stuff that I just don't want to have to deal with for a site that's this important/cornerstone. Namely whenever they have down time or when they are rate limiting or other things and those sorts of things just can't simply be worked around. I'd rather not be at the mercy of someone else's infrastructure. 

Not to mention I would literally have to have an API key stored on the server that gives somebody privileged access to DNS. That's not a measured risk that I'm willing to take, as our servers are pretty locked down. It's impossible for instance to SSH to the forum server. A lot of things are set up to make it difficult to operate our servers should you get access thataway. 

As I'm getting away from manual tasks that have to be done every couple of weeks/months to simplify our workflow, I spoke with a long time donor of the site and asked him if he would be willing to purchase a wildcard certificate for us, and he glady provided a gift card of the right amount.

Unfortunately because apple is Apple they don't allow certificates to be more than 365 days newer so I'm still going to have to do yearly updates but I was really grateful for the kind donation.