-----BEGIN PGP SIGNED MESSAGE-----
On 12/08/2015 05:36 PM, James Hogarth wrote:
On 8 December 2015 at 18:28, Reindl Harald <h.reindl(a)thelounge.net
Am 08.12.2015 um 19:17 schrieb James Hogarth:
I've recently packaged the official letsencrypt client for rawhide
(with comaintainers getting the F23 build out to bohdi today) and
thought it sensible to reach out the there server working group
As you're all no doubt aware there is a big push for encrypting ask
http on the public internet and it occurred to me further
integration into the web server role might be desirable.
Wanted to get your feedback before hacking on LE with bits
interesting to me - for example I'm considering making use of
systemd templates and a timer for automated certificate renewal and
submitting the documentation and sample units upstream for that use
Looking forward to getting your thoughts on this
may i suggest at least two subpackages for cases where it is *not*
desired that something generic touchs configuration files and
someone needs to write his own integration in existing
infrastructure using the client per CLI?
Well I wouldn't be intending to overwrite people's code/config
willy nilly Reindl ...
I'm thinking more along the lines of (assuming default
configuration for letsencrypt):
systemctl enable letsencrypt(a)www.example.com.service with a target
being called by a timer to refresh all of these which executes
something like letsencrypt -c /etc/letsencrypt/renewal/%i.conf
--renew-by-default certonly ... the question of how to notify the
webserver to trigger a reload would need to be answered of course
but that's just an implementation question and this would, of
course, be totally optional and up to the administrator.
Anyway back to the core of the question ... would the Server
Working Group find an integration question/problem/solution
interesting for a Server Feature for Fedora Server 24 ?
I cannot speak for the entire Working Group, but I think that we
certainly want to look into anything we can do to move Let's Encrypt
forward. I'm going to put this on the agenda for tomorrow's Server SIG
meeting (at 11am EST/1600 UTC)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----