[bug#26685] certbot service experience
From: Leo Famulari
Subject: [bug#26685] certbot service experience
Date: Tue, 24 Oct 2017 10:53:24 -0400
User-agent: Mutt/1.9.1 (2017-09-22)

On Thu, Jul 27, 2017 at 07:30:48PM +0200, Tobias Geerinckx-Rice wrote:
> If nobody objects, I'd like a few days to play with this before it gets
> merged. It's a fine service, but I think it privileges the ‘--webroot’
> plugin too much (‘-w’ is a plugin-specific option, not global). I'd
> rather not have my mail box spin up nginx...

I agree that we should, in the long run, offer a more generalized ACME
client service.

However, the --webroot method is not specific to any of the other
plugins. Instead, it is a general purpose method of obtaining and
renewing signed x509 certificates with a running webserver. Certbot
requires no server-specific configuration with this method, and the
server only needs to be configured to serve a particular directory which
will contain the temporary cryptographic "challenge" file. It's not a
very tight coupling.

Since serving HTTPS is, in practice, one of the primary use cases for
the x509 CA system (as opposed to self-signed certs), I think we should
add the service as-is and let people generalize it as they see fit later
on.
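
The webroot arrangement described in the message above, as an added example that is not part of the original message or of the Guix certbot service: a minimal server that exposes only the challenge directory of a webroot and nothing else. The `/.well-known/acme-challenge/` path comes from the ACME HTTP-01 specification (RFC 8555), not from this thread; the function names, token and file contents are constructed for illustration.

```python
import http.client, re, tempfile, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

PREFIX = "/.well-known/acme-challenge/"   # HTTP-01 challenge path (RFC 8555)
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet used for tokens

def resolve_challenge(webroot, url_path):
    """Map a request path to a challenge file under webroot, else None."""
    token = url_path[len(PREFIX):] if url_path.startswith(PREFIX) else ""
    if not TOKEN_RE.fullmatch(token):  # rejects "", "..", "/" and query strings
        return None
    path = Path(webroot, ".well-known", "acme-challenge", token)
    return path if path.is_file() else None

def make_handler(webroot):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            path = resolve_challenge(webroot, self.path)
            if path is None:
                return self.send_error(404)
            body = path.read_bytes()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        log_message = lambda self, *args: None  # silence per-request logging
    return Handler

def demo():
    """Serve a constructed webroot on loopback; return [(status, body), ...]."""
    with tempfile.TemporaryDirectory() as webroot:
        chal = Path(webroot, ".well-known", "acme-challenge")
        chal.mkdir(parents=True)
        (chal / "constructed-token").write_text("constructed-key-authz")  # ACME client's job
        Path(webroot, "private.txt").write_text("unrelated file in the webroot")
        srv = HTTPServer(("127.0.0.1", 0), make_handler(webroot))
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        out = []
        for p in (PREFIX + "constructed-token", "/private.txt"):
            c = http.client.HTTPConnection("127.0.0.1", srv.server_port, timeout=5)
            c.request("GET", p)
            r = c.getresponse()
            out.append((r.status, r.read().decode()))
            c.close()
        srv.shutdown(); srv.server_close()
        return out

if __name__ == "__main__":
    print(demo())
```

The server needs no knowledge of the ACME client: it only answers for files the client drops into that one directory, and every other path in the webroot returns 404.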