My domains just got a little more life in them. As in, an A rating from ssllabs, at least for the moment!

ssl_A

Highlights:

  • Problem: Time Warner has a monopoly on broadband here; they gouge you if you want a static IP; and they do thorough reporting of all IP ranges as dynamic to spamhaus, so no email servers from home folks
  • Problem: 1and1 has a horrible interface to maintain even a handful of domains, as you have to use a useless separate “packages” layer to get enough subdomains; they charge for email
  • Solution: Switched all domains to Google Registrar, which has a much better UI, supports subdomains, and allows domain name email forwarding for free
  • Solution: Once you have control over your domain email, StartSSL provides amazing easy free SSL certs; they have the BEST completely automated service and the best docs; my Apache site configs are now better organized, SNI-based, and the sites are getting great scores on ssllabs, thanks to using Mozilla’s “modern” recommendations
  • Solution: phabricator needs to run on its own domain, and with this new level of control, I can easily get that going; although curl and arcanist are picky about the CA store – I could NOT get them to work with the agile.bitpost.com subdomain, at all, and I really tried – so I went with https://abettersoftware.org

A brave new world.  I love it when a plan comes together.