On 8 December 2015 at 18:28, Reindl Harald <h.reindl@thelounge.net> wrote:


On 08.12.2015 at 19:17, James Hogarth wrote:
I've recently packaged the official letsencrypt client for rawhide (with
comaintainers getting the F23 build out to bodhi today) and thought it
sensible to reach out to the server working group about it.

As you're all no doubt aware there is a big push for encrypting all http
on the public internet and it occurred to me further integration into
the web server role might be desirable.

Wanted to get your feedback before hacking on LE with bits interesting
to me - for example I'm considering making use of systemd templates and
a timer for automated certificate renewal and submitting the
documentation and sample units upstream for that use case.

Looking forward to getting your thoughts on this

Hi

May I suggest at least two subpackages for cases where it is *not* desired that something generic touches configuration files and someone needs to write his own integration in existing infrastructure using the client per CLI?



Well I wouldn't be intending to overwrite people's code/config willy nilly Reindl ...

I'm thinking more along the lines of (assuming default configuration for letsencrypt):

systemctl enable letsencrypt@www.example.com.service with a target being called by a timer to refresh all of these which executes something like letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly ... the question of how to notify the webserver to trigger a reload would need to be answered of course but that's just an implementation question and this would, of course, be totally optional and up to the administrator.

Anyway back to the core of the question ... would the Server Working Group find an integration question/problem/solution interesting for a Server Feature for Fedora Server 24?

James
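
The template-plus-timer layout sketched in the message above, written out as systemd units. This is an added example, not part of the original thread or of the letsencrypt package: the unit names, the binary path and the weekly schedule are assumptions, and the command line is the one quoted in the message.

```ini
# --- /etc/systemd/system/letsencrypt@.service (assumed name) ---
# Template unit: %i expands to the instance name, e.g. www.example.com
[Unit]
Description=Renew the Let's Encrypt certificate for %i
Wants=network-online.target
After=network-online.target

[Service]
# oneshot: the unit goes inactive again once the client exits,
# so the next timer run can start it afresh.
Type=oneshot
# Command line as quoted in the message; the /usr/bin path is an assumption.
ExecStart=/usr/bin/letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly
# The web server reload is left as an open question in the message,
# so no reload step is configured here.

[Install]
# "systemctl enable letsencrypt@www.example.com.service" links that
# instance into the target below; nothing runs for domains not enabled.
WantedBy=letsencrypt-renew.target

# --- /etc/systemd/system/letsencrypt-renew.target (assumed name) ---
[Unit]
Description=Renew all enabled Let's Encrypt certificates
# Without this the target stays active after its first start and the
# timer would not start it (and the instances it wants) again.
StopWhenUnneeded=yes

# --- /etc/systemd/system/letsencrypt-renew.timer (assumed name) ---
[Unit]
Description=Periodic Let's Encrypt certificate renewal

[Timer]
# Schedule is an assumption; the message does not name an interval.
OnCalendar=weekly
# Spread renewals out so hosts do not all contact the CA at once.
RandomizedDelaySec=12h
# Catch up after boot if the machine was off when the timer was due.
Persistent=true
Unit=letsencrypt-renew.target

[Install]
WantedBy=timers.target
```

With this layout the per-domain configuration stays in /etc/letsencrypt/renewal/ under the administrator's control, and enabling or disabling an instance is the only switch that opts a domain in or out of automatic renewal.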