CAcert certificates everywhere!

All my servers (including this site) are reachable via TLS and show certificates issued by CAcert since a few months ago, instead of the self-signed certificates of a custom CA I had before.

CAcert.org is a community-driven Certificate Authority that issues free class 3 certificates after a first-hand verification through the community.

For others running servers: I am a CAcert assurer now, so I can assure you in case we meet in person, but you’ll need other assures as well.

To contact this site or my servers via https without warnings, you can either store the certificate as before or import the CAcert certificates:

Bonus: If everything worked out, you now can visit e.g. the Chaos Computer Club via https without a warning, too.

DNSSEC / DANE

I’d love to enable DNSSEC and DANE, but my domain registrar only supports DNSSEC in case you run your own authoritative DNS server instead of theirs. :/ (See the knowledge base of inwx, Can I use DNSSEC?). But I’ll try to set one up when I find the time.

Remarks? Additions? Corrections? For anything you want to tell me about this blog post, feel free to send me an email^[*].
Despite having no comments section (isn't that easy with a static site generator and without relying on a proprietary 3rd party service), I greatly appreciate direct feedback. 😉 In case of additions, I'll mention the name from the mail if you don't object.

[*]: Mails from small independent mailservers are my mailserver's favourite! ❤
If you don't want to keep one on your own, you can pay various admins about 1€ per month to do so for you, e.g. at posteo, mailbox.org, jit-creatives, or at most webhosting providers like netcup or 1&1 in case you want to have your own domain name on top.