On 8 December 2015 at 18:28, Reindl Harald <h.reindl(a)thelounge.net> wrote:
Am 08.12.2015 um 19:17 schrieb James Hogarth:
> I've recently packaged the official letsencrypt client for rawhide (with
> comaintainers getting the F23 build out to bohdi today) and thought it
> sensible to reach out the there server working group about it.
>
> As you're all no doubt aware there is a big push for encrypting ask http
> on the public internet and it occurred to me further integration into
> the web server role might be desirable.
>
> Wanted to get your feedback before hacking on LE with bits interesting
> to me - for example I'm considering making use of systemd templates and
> a timer for automated certificate renewal and submitting the
> documentation and sample units upstream for that use case.
>
> Looking forward to getting your thoughts on this
>
Hi
may i suggest at least two subpackages for cases where it is *not* desired
that something generic touchs configuration files and someone needs to
write his own integration in existing infrastructure using the client per
CLI?
Well I wouldn't be intending to overwrite people's code/config willy nilly
Reindl ...
I'm thinking more along the lines of (assuming default configuration for
letsencrypt):
systemctl enable letsencrypt(a)www.example.com.service with a target being
called by a timer to refresh all of these which executes something like
letsencrypt -c /etc/letsencrypt/renewal/%i.conf --renew-by-default
certonly ... the question of how to notify the webserver to trigger a
reload would need to be answered of course but that's just an
implementation question and this would, of course, be totally optional and
up to the administrator.
Anyway back to the core of the question ... would the Server Working Group
find an integration question/problem/solution interesting for a Server
Feature for Fedora Server 24 ?
James