Drop certbot in favor of something with less dependencies #1902
Comments
Nice, there is a migrations construct available, this should make things easy. I currently have my eyes on mod_md, which might integrate certificate generation into normal webserver operations. acme.sh is another option I'm evaluating.
That's funny, mod_md caught my eye as well. My only concern was that it was Apache-specific, which would get really annoying if we ever wanted to move to, say, nginx. No strong feelings though, explore.
@kyrofa, and that was my biggest concern with this choice as well. Looking forward to working on this together...
When thinking about how to migrate our users to another mechanism for providing Let's Encrypt or potentially any certificates from an ACME-capable authority - Scott Helme has some nice blog posts about those, here is the latest, including links to previous discussions of other providers - the hurdle of identifying the currently selected encryption method for the snap came up in #1924, quoting myself:
Is there a sane way to discern what was selected as certificate source when our user last called Keep in mind that users could have been doing the switcheroo and used every possible configuration in the past, with certificates that have not yet expired. And there might well be users providing Let's Encrypt certificates using the custom mechanism, as they fetch them another way.
Yes, see here and here. It's sane because we know how the
Right, we don't want to mess with those certs at all. Just the ones the snap is responsible for renewing.
Ha, I really don't know why I didn't see those, I was working with just that file. To reconcile: There are four possible states:
The relevant flags are:
Ergo:
Maybe switching to a simple enum-style variable (
Eh, POSIX shell doesn't really have enum type stuff, so you'd end up comparing strings constantly 🤷‍♂️.
This issue is stale because it has been without activity for 60 days. It will be closed after 7 more days of inactivity.
I recommend acme.sh or something similar. Requirements:
renew-certs executable)
enable-https executable