#fedihelp #fedihilfe

I am looking for a free provider of #x509 #certificates for use with #CAI #ContentAuthenticityInitiative #C2PA #ContentCredentials. #Adobe and #PixelStream seem to offer this #service, but not for #free. Basicalky something like #LetsEncrypt, only for #images.

New Kitten Release

To OCSP¹ or not to OCSP…

• Turns on OCSP support in the server only if the site’s certificate has the OCSP stapling extension.

This is to support both servers that still have OCSP stapling in their certs as well as new ones that don’t. (Let’s Encrypt sunset OCSP support yesterday and there is a transitionary period where Kitten servers will have both types of certificates. This update is to ensure we support both without issues.)

https://kitten.small-web.org

Also updated, if you’re interested in playing lower in the stack:

• @small-tech/https: https://codeberg.org/small-tech/https
• @small-tech/auto-encrypt: https://codeberg.org/small-tech/auto-encrypt

Enjoy!

¹ Online Certificate Status Protocol (https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). Yes, I hate abbreviations too :)

How to Install #PeerTube on #Ubuntu VPS

This article provides an in-depth guide demonstrating how to install PeerTube on Ubuntu VPS.
What is PeerTube?
PeerTube is a decentralized, federated video hosting platform powered by WebTorrent and ActivityPub. It enables users to self-host video services and interact with other PeerTube ...
Continued https://blog.radwebhosting.com/how-to-install-peertube-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #fediverse #opensource #installguide #vpsguide #selfhosting #letsencrypt #nodejs #videostreaming #decentralized #selfhosted

Ooh, what’s this?… Look Over There!
(With apologies to Jaida Essence Hall)

So the little app I teased earlier is ready and deployed and I have our own instance running at:

https://look-over-there.small-web.org

Look Over There! lets you forward multiple domains to different URLs with full HTTPS support.

Why?

We have a number of older sites that are becoming a chore/expensive to maintain and yet I don’t want to break the web. So I thought, hey, I’ll just use the “url forwarding” feature of my domain registrar to forward them to their archived versions on archive.org.

Ah, not so fast, young cricket… seems some domain registrars’ implementations of this feature do not work if the domain being forwarded is accessed via HTTPS (yes, in 2025).

So, given Kitten¹ uses Auto Encrypt² to automatically provision Let’s Encrypt certificates, I added a domain forwarding feature to it and created Look Over There! as a friendly/simple app that provides a visual interface to it.

To see it in action, hit https://cleanuptheweb.org and you should get forwarded to the archived version of it on archive.org. I’m going to be adding more of our sites to the list in the coming days as part of an effort to reduce my maintenance load and cut down our expenses at Small Technology Foundation.

Since it’s Small Web, this particular instance is just for us. However, you can run your own copy on a VPS (or even a little single-board computer at home, etc.) A link to the source code repository is on the site. Once Domain³ is ready for use (later this year ), setting up your own instance of a Small Web app at your own server will take less than a minute.

I hope this little tool, along with the 404→307 (evergreen web) technique⁴, helps us to nurture an evergreen web and avoid link rot. (And the source code, as little as there is because Kitten does so much for you, is a good resource if you want to learn about Kitten’s new class-based component and page model which I haven’t yet had a chance to properly document.)

Enjoy!

¹ https://kitten.small-web.org
² https://codeberg.org/small-tech/auto-encrypt
³ https://codeberg.org/domain/app
⁴ https://4042307.org

La durée de validité des certificats SSL/TLS va être drastiquement réduite dans les années à venir :

- Actuellement, la durée maximale est de 398 jours
- À partir de mars 2026, elle passera à 200 jours
- À partir de mars 2027 : 100 jours
- À partir de mars 2029 : 47 jours

Die maximale Laufzeit von digitalen Zertifikaten für verschlüsselte Verbindungen zu Web- und anderen Servern wird sich künftig drastisch verkürzen. Im Jahre 2029 sind diese statt mit 398 Tagen nur noch mit 47 Tagen Laufzeit ausgestattet.

Zum Artikel: https://heise.de/-10352867?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Warum eigentlich ist #LetsEncrypt so arschig und stellt die Zertifikats-Erinnerungs-Mails ein?
Weil teuer? Echt jetzt?

I've received far more emails from let's encrypt telling me they are discontinuing their cert expiration emails than I ever received letting me know certs were expiring.

I get it! I get it!

"When Let’s Encrypt, a free certificate authority, started issuing 90 day TLS certificates for websites, it was considered a bold move that helped push the ecosystem towards shorter certificate life times. Beforehand, certificate authorities normally issued certificate lifetimes lasting a year or more. With 4.0, Certbot is now supporting Let’s Encrypt’s new capability for six day certificates through ACME profiles and dynamic renewal at:

- 1/3rd of lifetime left
- 1/2 of lifetime left, if the lifetime is shorter than 10 days"

https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs

How to Install #PeerTube on #Ubuntu VPS

This article provides an in-depth guide demonstrating how to install PeerTube on Ubuntu VPS.
What is PeerTube?
PeerTube is a decentralized, federated video hosting platform powered by WebTorrent and ActivityPub. It enables users to self-host video services and interact with other PeerTube ...
Continued https://blog.radwebhosting.com/how-to-install-peertube-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #letsencrypt #opensource #installguide #selfhosting #selfhosted #videostreaming #decentralized #nodejs #vpsguide #fediverse

Sounds like we’ll need a EU-based alternative to #letsencrypt:

https://thelibre.news/trump-cuts-funding-to-foss-projects/

"Trump cuts funding to FOSS projects

So far he hasn't been successful, but it might simply be a matter of time."

Much earlier than I expected.

Random #SelfHosting tip for any who might be interested:

If you use #GetSSL to get your #LetsEncrypt certs, you'll get four files:

* The key (example.com.key)
* The domain cert (example.com.crt)
* The CA cert (chain.crt)
* The "full chain" cert (fullchain.crt)

Make sure to use the full chain cert, *not* the domain cert, when setting up your server. Otherwise some services will give you "unknown authority" errors.

Let's Encrypt

In https://infosec.exchange/@aral@mastodon.ar.al/114224524044750719 @aral wants us to pay taxes to keep Let's Encrypt "alive". Here's another reason NOT to do that.

Apparently the *.eu.org domain needed laundrying because it's reputation became too bad. So scammers create zillions of insane domain names and obtain *FREE* (for them) certificates for those sites. Usually such sites are not malicious; they're intended to have virusscanners remove detection, eventually for the sub-TLD ".eu.org".

To see this, you may consider opening
https://crt.sh?q=eu.org
but that will fail because there are WAY too many results.

To restrict the amount of records, try a subdomain name and further restrict output by deduplicating and restricting to not expired, as follows:

https://crt.sh/?Identity=madaline.eu.org&exclude=expired&deduplicate=Y

The screenshot below gives an idea (they're all Let's Encrypt certs by the way, and I marked one with an insane domain name).

I wrote about this phenomenon before, e.g. in https://www.security.nl/posting/781057/Let%27s+Encrypt+git_git_git___ (at the time I did not understand why yet).

VirusTotal knows of 72.5K direct subdomains of *.eu.org:

"Subdomains (72.5 K)"

(open the RELATIONS tab in https://www.virustotal.com/gui/domain/eu.org/).

@TheDutchChief @EUCommission @letsencrypt @nlnet

Instead of relying on the US, the @EUCommission could have spent the equivalent of one or two state dinners on creating an EU based alternative to #LetsEncrypt. They still can :) cc @EC_DIGIT

Falls #LetsEncrypt absaufen sollte: Wo bekommt man sonst noch kostenlose Zertifikate?

#DerStandard:
"
Trumps Kürzungsrausch gefährdet für das Internet wichtige Open-Source-Projekte

Die neue US-Regierung entzieht dem Open Technology Fund die Mittel. Von diesem sind unter anderem Let’s Encrypt, Tor und F-Droid finanziell abhängig. Der OTF hat Klage eingereicht
"
https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article

30.3.2025

How to Install #PeerTube on #Ubuntu VPS

This article provides an in-depth guide demonstrating how to install PeerTube on Ubuntu VPS.
What is PeerTube?
PeerTube is a decentralized, federated video hosting platform powered by WebTorrent and ActivityPub. It enables users to self-host video services and interact with other PeerTube ...
Continued https://blog.radwebhosting.com/how-to-install-peertube-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=ReviveOldPost #installguide #fediverse #nodejs #selfhosting #videostreaming #opensource #letsencrypt #selfhosted #decentralized #vpsguide

After #Trump's decree: fight for US funding for #Tor, #FDroid and #LetsEncrypt

https://www.heise.de/en/news/After-Trump-s-decree-fight-for-US-funding-for-Tor-F-Droid-and-Let-s-Encrypt-10328335.html

#HELP

I just received a concerning email from the OTF (@opentechfund.bsky.social) stating that a major source of their funding is in jeopardy.

If you care about open-source, anti-censorship, or the open internet, please consider supporting one of the projects they fund.

#FOSS #OpenSource #TechNews
#USPol #Politics #News #PoliticalNews
#NetNeutrality #EFF
#Wikimedia #Signal #SignalApp
#TOR #TAILs #OpenVPN #VPN #LetsEncrypt #HTTPS #SSL
#Censorship #AntiCensorship

https://www.opentech.fund/projects-we-support/supported-projects/?sc=&filter1=&filter2=&order-by-selector=date-desc&pageno=1