Greenlock(-express) Letsencrypt Fails with ECONNRESET

Problem: after upgrading vom greenlock-express v2.0 to v2.5 and switching from acme-v1 to acme-v2 every attempt to register a new TLS cert with Letsencrypt fails with “ECONNRESET” Discussion: the new version of greenlock tries to validate the .well-known/acme-challenge file before asking letsencrypt for the certificate.If your webserver is behind a loadbalancer or firewall and the …

Continue reading ‘Greenlock(-express) Letsencrypt Fails with ECONNRESET’ »

Configure F5 TLS (SSL) Cipher String

The list of TLS ciphers is changing quite rapidly, old ciphers are considered insecure, and new ciphers are added. When you configure a virtual server on an F5 you can add a TLS client profile, which means F5 is doing TLS to the client. I think this is a bit misleading because with “SSL client profile” …

Continue reading ‘Configure F5 TLS (SSL) Cipher String’ »