On 12/08/2015 05:36 PM, James Hogarth wrote:
> On 8 December 2015 at 18:28, Reindl Harald <h.reindl@thelounge.net> wrote:
>> On 08.12.2015 at 19:17, James Hogarth wrote:
>>> I've recently packaged the official letsencrypt client for rawhide (with comaintainers getting the F23 build out to bodhi today) and thought it sensible to reach out to the server working group about it.
>>>
>>> As you're all no doubt aware there is a big push for encrypting all http on the public internet and it occurred to me further integration into the web server role might be desirable.
>>>
>>> Wanted to get your feedback before hacking on LE with bits interesting to me - for example I'm considering making use of systemd templates and a timer for automated certificate renewal and submitting the documentation and sample units upstream for that use case.
>>>
>>> Looking forward to getting your thoughts on this
>>
>> Hi
>>
>> May I suggest at least two subpackages for cases where it is *not* desired that something generic touches configuration files and someone needs to write his own integration in existing infrastructure using the client per CLI?
>
> Well I wouldn't be intending to overwrite people's code/config willy nilly Reindl ...
>
> I'm thinking more along the lines of (assuming default configuration for letsencrypt):
>
>     systemctl enable letsencrypt@www.example.com.service
>
> with a target being called by a timer to refresh all of these which executes something like
>
>     letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly
>
> ... the question of how to notify the webserver to trigger a reload would need to be answered of course but that's just an implementation question and this would, of course, be totally optional and up to the administrator.
>
> Anyway back to the core of the question ... would the Server Working Group find an integration question/problem/solution interesting for a Server Feature for Fedora Server 24?

I cannot speak for the entire Working Group, but I think that we certainly want to look into anything we can do to move Let's Encrypt forward. I'm going to put this on the agenda for tomorrow's Server SIG meeting (at 11am EST/1600 UTC)
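
The template-plus-timer arrangement proposed in the quoted message could look like the following. This is an added illustration, not part of the thread and not units shipped by Fedora or the letsencrypt project: the unit file names, the `/usr/bin/letsencrypt` path, the monthly schedule and the hardening directives are assumptions, and the web server reload the message leaves open is not addressed here.

```ini
# --- /etc/systemd/system/letsencrypt@.service (hypothetical template unit) ---
[Unit]
Description=Renew Let's Encrypt certificate for %i
# Skip instances whose per-domain config is missing instead of failing the run
ConditionPathExists=/etc/letsencrypt/renewal/%i.conf
Wants=network-online.target
After=network-online.target

[Service]
# oneshot: the unit counts as started only once the client has exited
Type=oneshot
# Command line as given in the thread; binary path is an assumption
ExecStart=/usr/bin/letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly
# Private keys are written by this process: nothing group/world readable
UMask=0077
PrivateTmp=yes
NoNewPrivileges=yes

[Install]
# "systemctl enable letsencrypt@www.example.com.service" links the
# instance into the target below; nothing is renewed until it is enabled
WantedBy=letsencrypt-renew.target

# --- /etc/systemd/system/letsencrypt-renew.target (hypothetical) ---
[Unit]
Description=Renew all enabled Let's Encrypt certificates
# Return to inactive after the wanted oneshot services finish, so the
# next timer firing starts the target (and every instance) again
StopWhenUnneeded=yes

# --- /etc/systemd/system/letsencrypt-renew.timer (hypothetical) ---
[Unit]
Description=Periodic Let's Encrypt certificate renewal

[Timer]
# --renew-by-default requests a new certificate on every run, so the
# interval is kept well inside the 90-day lifetime without being frequent
OnCalendar=monthly
# Catch up after boot if the machine was off when the timer was due
Persistent=true
Unit=letsencrypt-renew.target

[Install]
WantedBy=timers.target
```

Only the timer needs `systemctl enable --now letsencrypt-renew.timer`; each domain opts in separately with the `systemctl enable` command from the message, which keeps the whole mechanism optional for the administrator.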