unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* Certbot override trusted CA when using custom server
@ 2024-01-18 12:09 Moisés Simón
  2024-01-18 18:35 ` Felix Lechner via
  0 siblings, 1 reply; 3+ messages in thread
From: Moisés Simón @ 2024-01-18 12:09 UTC (permalink / raw)
  To: help-guix

Hi guix,

I'm running my own internal Lets Encrypt server.
The problem is certbot service even if it offers to change the server it does not specify any option to use REQUEST_CA_BUNDLE or skip ssl verificatiin (--no-verify-ssl certbot option)  you can see more of the feature here: https://github.com/certbot/certbot/pull/9357

I have my own CA installed in /etc/ssl/certs thanks to a private pkg. Still certbot is using urllib2 or something like that an it does not use the system certificTe store (Ubuntu suffers the same problem)

so the question is
how can I extend certbot in my own system config to add the --ni-verify-ssl option (without the need to copy all certbot.scm)?
better yet, how can I use the env variable REQUEST_CA_BUNDLE?

I will probably add a patch to specify the --no-verify-ssl but right now I would also like to know if I can extend a service "on the fly"

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Certbot override trusted CA when using custom server
  2024-01-18 12:09 Certbot override trusted CA when using custom server Moisés Simón
@ 2024-01-18 18:35 ` Felix Lechner via
  2024-01-19 22:34   ` Moisés Simón
  0 siblings, 1 reply; 3+ messages in thread
From: Felix Lechner via @ 2024-01-18 18:35 UTC (permalink / raw)
  To: Moisés Simón, help-guix

Hi,

On Thu, Jan 18 2024, Moisés Simón wrote:

> I'm running my own internal Lets Encrypt server.

What's the point of running Certbot with your own certificate authority?
Aren't there easier ways to distribute your own, long-term certificates?

Kind regards
Felix


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Certbot override trusted CA when using custom server
  2024-01-18 18:35 ` Felix Lechner via
@ 2024-01-19 22:34   ` Moisés Simón
  0 siblings, 0 replies; 3+ messages in thread
From: Moisés Simón @ 2024-01-19 22:34 UTC (permalink / raw)
  To: Felix Lechner; +Cc: help-guix

It is simple way to automate creation and renewal of ssl certificates.

18 ene 2024 19:35:20 Felix Lechner <felix.lechner@lease-up.com>:

> Hi,
> 
> On Thu, Jan 18 2024, Moisés Simón wrote:
> 
>> I'm running my own internal Lets Encrypt server.
> 
> What's the point of running Certbot with your own certificate authority?
> Aren't there easier ways to distribute your own, long-term certificates?
> 
> Kind regards
> Felix


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-01-19 22:35 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-01-18 12:09 Certbot override trusted CA when using custom server Moisés Simón
2024-01-18 18:35 ` Felix Lechner via
2024-01-19 22:34   ` Moisés Simón

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).