Certbot override trusted CA when using custom server

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: "Moisés Simón" <msv@posteo.org>
To: help-guix@gnu.org
Subject: Certbot override trusted CA when using custom server
Date: Thu, 18 Jan 2024 12:09:01 +0000 (+00:00)	[thread overview]
Message-ID: <611bf86f-52c8-424c-8463-92dc6f0fb5a2@posteo.org> (raw)

Hi guix,

I'm running my own internal Lets Encrypt server.
The problem is certbot service even if it offers to change the server it does not specify any option to use REQUEST_CA_BUNDLE or skip ssl verificatiin (--no-verify-ssl certbot option)  you can see more of the feature here: https://github.com/certbot/certbot/pull/9357

I have my own CA installed in /etc/ssl/certs thanks to a private pkg. Still certbot is using urllib2 or something like that an it does not use the system certificTe store (Ubuntu suffers the same problem)

so the question is
how can I extend certbot in my own system config to add the --ni-verify-ssl option (without the need to copy all certbot.scm)?
better yet, how can I use the env variable REQUEST_CA_BUNDLE?

I will probably add a patch to specify the --no-verify-ssl but right now I would also like to know if I can extend a service "on the fly"

next             reply	other threads:[~2024-01-18 12:09 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-18 12:09 Moisés Simón [this message]
2024-01-18 18:35 ` Certbot override trusted CA when using custom server Felix Lechner via
2024-01-19 22:34   ` Moisés Simón

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=611bf86f-52c8-424c-8463-92dc6f0fb5a2@posteo.org \
    --to=msv@posteo.org \
    --cc=help-guix@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.