I am now feeling pretty good about the decision I made a while back, to only keep TLS keys and certs on RAM disks on the servers I'm renting.

Sure, that can also be compromised. But it requires much more invasive changes to hosting infrastructure. Just cloning a disk image and handing it over to LE is a capability hosting co's have always had.

The downside, of course, is my servers don't start up without manual intervention. That hasn't been much of a problem in practice. Yet.


@HerraBRE That's a cool approach. How do you handle unexpected reboots?

@HerraBRE To clarify... do you take the machine out of a pool to avoid service interruption, or do you let things go down and alert that it needs assistance in booting?

@nbering The connectors will check which relays are available and choose the nearest one. So if a relay goes offline, it just doesn't get picked until it has recovered.

As long as I have a reasonable amount of spare capacity, people don't much notice individual servers going down.
