Pretty sure Germany uses bund.de

Kids often have no money, especially not money they can spend online, no?

I use synphonium with my jellying server, works just fine.

deleted by creator

I found open-ssl to be much harder to use. Do you just manually make new certificates with the CA in CLI?

At some point it’s good to let things die

In that case, i recommend step-ca, which is a certificate authority server with acme support anyone can self host. The setup took a while but it’s been running for months now without problems for me.

No proper CA should give out a certificate for an IP, that’s a no go by the common rules.

The background is that certificate revocation is a broken system and having short lived certificates makes the problem go away. You don’t need to worry about how to tell people that some certificate is bad if it’s only valid for a few days.

Ideally, certificates would only be valid for a few days, it should be automated anyway. This has other downsides as I can imagine, like creation of more traffic. My self signed CA for my home LAN has 4 days as standard, and it works perfectly fine.

SCP-5300 😮

At that point it’s an act of rebellion against that nations authority over its territory, and the police/armed forces may step in.

I see what you’re doing but that chain of thought doesn’t lead anywhere.

While true I feel like your comment misses the point. A raspberry pi is just a computer, not a magic solution box that’s kept maintained and updated by some guy. Their product isn’t a service, it’s just the device.

Why had?

In Germany at least, I hear that banks have weird law requirements for these weird security things, like photoTAN.

I’d be much happier if they’d just let me do my usual setup with password, totp and my hardware token.