As you can notice I’m working on the restyling of the website, a thing that I should have done many years ago.
The wordpress theme Revolution Code Blue that I’ve been using until now hasn’t been updated anymore since the early 2000s. It has been working nicely until the release of WordPress 5.1, but with the symultaneous upgrade to PHP 7.3 and WordPress 5.3 some issues have begun to appear in the visualization of some items in the pages.
After some research I’ve reached to the Customify theme, which allows me to build various parts of the site in the way I want instead of giving a mandatory structure. In addition, it matches well with my logo, which I had no intention to change.
The restyling of the website is not finished in full yet, but I should soon achieve the final look.
This is a talk held by my friend Katolaz some months ago, explaining what minimalism is and how it is relevant when developing OpenSource software.
Between yesterday and today I changed the SSL certificate used on the websites of lonestar.it and unixportal.net, and for the SMTP / IMAP mail services of mail.lonestar.it.
Up to now I used a wildcard certificate, regularly purchased on StartSSL . It was a cost-effective service to get a 2-year wildcard certificate. The convenience is that the certificate was valid for * .lonestar.it, and therefore in any network service.
But the StartSSL Certification Authority has been deprecated by major browsers because of some irregularities committed after acquisition by a Chinese company.
As a result, as of recent versions of Firefox and Chrome, certificates issued by this authority are no longer accepted as valid (green color next to the url bar), but are shown as unrecognized (red color next to the url bar).
So I’ve decided to start using the free service of Let’s Encrypt , which has been very successful lately thanks to the new philosophy of free release of certificates to anyone, for a short time (90 days maximum), so as to encourage adoption of https and tls protocols by everyone.
The short duration of certificates implies the transition to an automatic renewal and replacement mechanism, compared to the previous habit of obtaining a valid certificate for a few years and then install it manually on the various servers involved.
Let’s Encrypt offers an official python-based client to perform these automated tasks on the most popular distributions and common services. But since I use Slackware as distribution and s/qmail as a mail service, I preferred to use the Dehydrated script, which is based on bash and curl.
So I’ve set up some scripts that request certificates, no longer wildcard but individual for each service, and install them where necessary.
All seems to be working 🙂
These days I have enabled SMTP-VRFY functionality in the LoneStar Network MTA service, so that I can create/remove mailboxes through Vmail and have them automatically recognized by the ASSP antispam filter
that is put to upfront protection to the service itself.
Up to now, manual intervention was required by means of editing a text file containing the list of acceptable mailbox addresses.
With this change, any box created through the management web interface will be dynamically recognized as enabled.
