Start a new topic

LetsEncrypt/Certbot/ACME and Pwned Passwords

Any chance of Certbot/ACME integration for SSL cert issuance and renewal?

(https://letsencrypt.org/)


Also would love to have passwords run through the Pwned password database (https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/)

Especially if it was done via k-anonymity 

(https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/)


Letsencrypt...maybe eventually, but its low priority.  I would strongly recommend real cert authorities as opposed to continually rolling out new certs frequently through an automated process...just my opinion.  But we are looking at it.  We just aren't going to bloat our software to use all the libraries there examples want for the purpose of something that should be extremely simple.


Pwned passwords...not a bad idea, I'll look at this for CrushFTP 9.

First off, thanks for even considering my suggestions.


There is no need for ACME to add any bloat or extra libraries, check out these implementations that run fully in bash:


https://github.com/Neilpang/acme.sh

https://github.com/lukas2511/dehydrated


Thanks!

Hi Ben,


i'm interest in CurshFTP but i saw that the latest update is pretty old. Is crushftp still supported? When will you release crushftp9? I do not wanna buy crushftp 8 when the version 9 has been released.


Thanks!


Cheers

Peter

We release major versions about every 2 years.  v9 is expected in October of this year.


In the mean time we publish smaller updates and features as time goes on.  When 9.0 is released it won't be complete...but by about 9.3 it will be complete.


People buying in August will start receiving a code that is valid for v8 and v9.  So basically wait 2 days and we start doing v9 codes when purchasing.


Thanks,
Ben


1 person likes this

Perfect. Thanks for the quick answer (not expecting that :) )


I'm very happy with my v8 trial so i will buy a v9 code. Good timing though

Login to post a comment