(more strongly) recommend using a trusted CA

Open jschauma opened this issue 3 years ago • 3 comments

The current text makes it seem as if using a self-signed certificate was a reasonable choice. With the proliferation of free, easy-to-renew certificates such as Let's Encrypt, it really seems that we can more strongly encourage good security practice instead of training people to deploy self-signed certs and click through certificate warnings, so this PR nudges users a bit more strongly to use a trusted CA.

jschauma avatar Jul 11 '22 15:07 jschauma

Deploy Preview for nostalgic-ptolemy-b01ab8 ready!

Name Link
Latest commit 8d377ba1e01368ac7e67a86fc28df2a2bfe91256
Latest deploy log https://app.netlify.com/sites/nostalgic-ptolemy-b01ab8/deploys/630786d1d0e7270009e03b9f
Deploy Preview https://deploy-preview-5573--nostalgic-ptolemy-b01ab8.netlify.app

netlify[bot] avatar Jul 11 '22 15:07 netlify[bot]

The guide linked to here is specifically about purchasing and using a commercial TLS cert rather than using an ACME-provided cert.

Personally, I'd rather encourage people to use one of the free providers these days as you mention above, but it looks like the Let's Encrypt doc we have is considered deprecated in favor of a web-specific doc that doesn't quite apply here. Linking to something like that would be my preference, but linking to a deprecated doc would feel weird...

jfrederickson avatar Jul 11 '22 18:07 jfrederickson

Yeah, I had specifically changed the wording from "purchase a signed certificate" to "request a trusted certificate" to avoid favoring a commercial solution. Changing the content of the linked doc at https://www.linode.com/docs/guides/obtain-a-commercially-signed-tls-certificate/ (which does include LE explicitly) is something that might make sense, but it is outside the intended scope of this PR.

jschauma avatar Jul 11 '22 18:07 jschauma

Thanks @jschauma. Tweaked your changes a bit and then added back in information on responsibly using self-signed certificates (internal-only usage really). This should go live later today.

wildmanonline avatar Aug 25 '22 14:08 wildmanonline

Great, thanks!

jschauma avatar Aug 25 '22 16:08 jschauma