Restarting Services Automatically on Certificate Rotation
This post originated from a question from a colleague about how to make your services restart automatically upon automated certificate rotation and replacement.
This post contains a recollection of my last 4 years using DANE to secure the TLS certificates for all my projects and personal development.
Over the years I’ve compiled a collection of rules to improve the effectiveness of SpamAssassin for stopping spam leaking into my servers. This post summarizes the steps required to add my channel to your SpamAssassin setup.
Certain use cases preclude DNS dynamic updates to a zone for technical, policy or other reasons. This post explains a simple way to enable automatic DNS-based authorization for Let’s Encrypt certificates – and perhaps for other vendors’ – by way of delegating the authorization challenge to a trusted DNS zone.
Let’s Encrypt and Certbot can provide wildcard certificates when the validation process is carried out via DNS. This post explains my setup and introduces some new scripts I’ve uploaded to make this task easier.
I manage my own DNS servers for my personal projects and some of the causes I support. This gives me absolute control over the operation. Recently I decided to return to a 100% dynamically updated setup – where records can be added securely and in real time from anywhere. This post includes some notes on how to do this easily.
Implementing TLSA or HPKP for certificate pinning while using automated certificate authorities such as Let’s Encrypt can be tricky. These notes explain how I do it on my servers, using GnuTLS to do the heavy lifting.
This post collects some of my notes on quickly configuring sets of domain names for DNSSEC using BIND9. There are many in-depth tutorials on setting up DNSSEC, so these are just my notes on how I deal with groups of tens to hundreds of domains at a time.
This post discusses various additions to your website configuration that help protect your visitors from various forms of attack. While not really a requirement for most personal sites such as this, hopefully the discussion below will be of help to people in charge of more sensitive sites.
Managing multiple sets of certificates with Let’s Encrypt and Certbot does not have to be complicated. This post contains some of my notes about managing servers with Nginx, Sendmail and Dovecot along with Let’s Encrypt certificates.
This is a quick post documenting the most recent Sendmail setup that I’m testing for a project. It differs slightly from my typical setup on Debian systems, so I’m documenting it here mostly for the sake of keeping notes.