I am now feeling pretty good about the decision I made a while back, to only keep #PageKite TLS keys and certs on RAM disks on the servers I'm renting.
Sure, that can also be compromised. But it requires much more invasive changes to hosting infrastructure. Just cloning a disk image and handing it over to LE is a capability hosting co's have always had.
The downside, of course, is my servers don't start up without manual intervention. That hasn't been much of a problem in practice. Yet.
@HerraBRE That’s a cool approach. How do you handle unexpected reboots?
@HerraBRE To clarify... do you take the machine out of a pool to avoid service interruption, or do you let things go down and alert that it needs assistance in booting?