[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#26685] certbot service experience

From: Christopher Allan Webber
Subject: [bug#26685] certbot service experience
Date: Tue, 24 Oct 2017 10:25:09 -0500
User-agent: mu4e 0.9.18; emacs 25.3.1

Leo Famulari writes:

> On Thu, Jul 27, 2017 at 07:30:48PM +0200, Tobias Geerinckx-Rice wrote:
>> If nobody objects, I'd like a few days to play with this before it gets
>> merged. It's a fine service, but I think it privileges the ‘--webroot’
>> plugin too much (‘-w’ is a plugin-specific option, not global). I'd
>> rather not have my mail box spin up nginx...
> I agree that we should, in the long run, offer a more generalized ACME
> client service.
> However, the --webroot method is not specific to any of the other
> plugins. Instead, it is a general purpose method of obtaining and
> renewing signed x509 certificates with a running webserver. Certbot
> requires no server-specific configuration with this method, and the
> server only needs to be configured to serve a particular directory which
> will contain the temporary cryptographic "challenge" file. It's not a
> very tight coupling.
> Since serving HTTPS is, in practice, one of the primary use cases for
> the x509 CA system (as opposed to self-signed certs), I think we should
> add the service as-is and let people generalize it as they see fit later
> on.

Sounds like the right approach to me.

I'll add a note about the service configuration possibly being unstable
to the docs and push this today.  I just did a rebase on my end.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]