Hi all,
I've recently packaged the official letsencrypt client for rawhide (with comaintainers getting the F23 build out to bodhi today) and thought it sensible to reach out to the server working group about it.
As you're all no doubt aware there is a big push for encrypting all http on the public internet and it occurred to me further integration into the web server role might be desirable.
Wanted to get your feedback before hacking on LE with bits interesting to me - for example I'm considering making use of systemd templates and a timer for automated certificate renewal and submitting the documentation and sample units upstream for that use case.
Looking forward to getting your thoughts on this.
Cheers
James
On 08.12.2015 at 19:17, James Hogarth wrote:
> I've recently packaged the official letsencrypt client for rawhide (with comaintainers getting the F23 build out to bodhi today) and thought it sensible to reach out to the server working group about it.
> As you're all no doubt aware there is a big push for encrypting all http on the public internet and it occurred to me further integration into the web server role might be desirable.
> Wanted to get your feedback before hacking on LE with bits interesting to me - for example I'm considering making use of systemd templates and a timer for automated certificate renewal and submitting the documentation and sample units upstream for that use case.
> Looking forward to getting your thoughts on this
Hi
may I suggest at least two subpackages for cases where it is *not* desired that something generic touches configuration files and someone needs to write his own integration in existing infrastructure using the client per CLI?
On 8 December 2015 at 18:28, Reindl Harald h.reindl@thelounge.net wrote:
> Hi
> may I suggest at least two subpackages for cases where it is *not* desired that something generic touches configuration files and someone needs to write his own integration in existing infrastructure using the client per CLI?
Well I wouldn't be intending to overwrite people's code/config willy nilly Reindl ...
I'm thinking more along the lines of (assuming default configuration for letsencrypt):
    systemctl enable letsencrypt@www.example.com.service

with a target being called by a timer to refresh all of these which executes something like

    letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly

... the question of how to notify the webserver to trigger a reload would need to be answered of course but that's just an implementation question and this would, of course, be totally optional and up to the administrator.
Anyway back to the core of the question ... would the Server Working Group find an integration question/problem/solution interesting for a Server Feature for Fedora Server 24 ?
James
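The layout described in the message above, sketched as systemd unit files (an added example, not part of the original message or of the Fedora package). The unit file names, the `/usr/bin/letsencrypt` path, the `httpd.service` reload and the monthly schedule are assumptions; the command line is the one quoted in the message.

```ini
# /etc/systemd/system/letsencrypt@.service
# Template unit: %i is the instance name, e.g. www.example.com
[Unit]
Description=Let's Encrypt certificate renewal for %i
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
# Command line as proposed in the message above
ExecStart=/usr/bin/letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly
# Assumption: Apache httpd serves the certificate. ExecStartPost runs only
# when ExecStart succeeded; the leading "-" keeps a stopped web server
# from marking the renewal itself as failed.
ExecStartPost=-/usr/bin/systemctl reload httpd.service
PrivateTmp=true

[Install]
# "systemctl enable letsencrypt@www.example.com.service" hooks the
# instance into the target below
WantedBy=letsencrypt.target

# /etc/systemd/system/letsencrypt.target
[Unit]
Description=Renew all enabled Let's Encrypt certificates
# Deactivate again after the timer has started it, so that the next
# timer run can start it (and the enabled instances) once more
StopWhenUnneeded=yes

# /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Periodic Let's Encrypt renewal

[Timer]
# --renew-by-default reissues on every run; certificates are valid for
# 90 days, so a monthly run leaves room for a failed attempt
OnCalendar=monthly
# Catch up after boot if the machine was off at the scheduled time
Persistent=true
Unit=letsencrypt.target

[Install]
WantedBy=timers.target
```

Nothing here edits web server configuration; an administrator opts in per certificate by enabling an instance and then enabling `letsencrypt.timer`.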
On 12/08/2015 05:36 PM, James Hogarth wrote:
> Well I wouldn't be intending to overwrite people's code/config willy nilly Reindl ...
> I'm thinking more along the lines of (assuming default configuration for letsencrypt):
>
>     systemctl enable letsencrypt@www.example.com.service
>
> with a target being called by a timer to refresh all of these which executes something like
>
>     letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default certonly
>
> ... the question of how to notify the webserver to trigger a reload would need to be answered of course but that's just an implementation question and this would, of course, be totally optional and up to the administrator.
> Anyway back to the core of the question ... would the Server Working Group find an integration question/problem/solution interesting for a Server Feature for Fedora Server 24 ?
I cannot speak for the entire Working Group, but I think that we certainly want to look into anything we can do to move Let's Encrypt forward. I'm going to put this on the agenda for tomorrow's Server SIG meeting (at 11am EST/1600 UTC)
I'm totally for it. Is the 23 package up in bodhi yet? Didn't see it this morning. I'm more than willing to hammer on it for testing.
Corey W Sheldon
Freelance IT Consultant, Multi-Discipline Tutor
Ameridea LLC, Founder, CTO http://github.com/ameridea
Fedora Ambassador, North America http://getfedora.org
Server Intern Staff, Citygate http://citygate.org
On Mon, Dec 14, 2015 at 8:38 AM, Stephen Gallagher sgallagh@redhat.com wrote:
> I cannot speak for the entire Working Group, but I think that we certainly want to look into anything we can do to move Let's Encrypt forward. I'm going to put this on the agenda for tomorrow's Server SIG meeting (at 11am EST/1600 UTC)
On 14 Dec 2015 14:03, "Corey Sheldon" sheldon.corey@gmail.com wrote:
> I'm totally for it. Is the 23 package up in bodhi yet? Didn't see it this morning. I'm more than willing to hammer on it for testing.
It's in stable already ;)
dnf install letsencrypt and away you go ;)
Keep an eye out on Fedora Magazine today as there's an article coming out on it with a how to and stuff to copy/paste ;)
Is this in #fedora-meeting ... If so I'll try and be there but it depends on my workload.
On 12/14/2015 09:06 AM, James Hogarth wrote:
> It's in stable already ;)
> dnf install letsencrypt and away you go ;)
> Keep an eye out on Fedora Magazine today as there's an article coming out on it with a how to and stuff to copy/paste ;)
> Is this in #fedora-meeting ... If so I'll try and be there but it depends on my workload.
It's in #fedora-meeting-1 tomorrow at 1600 UTC.