From: "Clément Lassieur" <clement@lassieur.org>
To: Nils Gillmann <ng0@n0.is>
Cc: guix-devel@gnu.org
Subject: Re: certbot-service wildcard support
Date: Sat, 04 Aug 2018 11:56:39 +0200
Message-ID: <87y3dmihew.fsf@lassieur.org>
In-Reply-To: <20180804094737.dfbdyxdg6jjtmll3@abyayala>

Nils Gillmann <ng0@n0.is> writes:

> Clément Lassieur transcribed 847 bytes:
>> Nils Gillmann <ng0@n0.is> writes:
>>
>> > Hi,
>> >
>> > recently letsencrypt added support for wildcard certificates.
>> >
>> > Since we concluded that it would be a good idea for Taler to
>> > just use that instead of roughly 30 - 40 subdomain certificates:
>> >
>> > Does our certbot-service support the wildcard functionality?
>>
>> It doesn't, because it doesn't support DNS challenges.
>>
>> I tried to add support for DNS challenges, but I stopped because my DNS
>> provider (Namecheap) doesn't have an API to update DNS records. (Well,
>> it does, but the API has access to everything and I can't afford the
>> security risk.)
>>
>> The problem with DNS challenges is that there is no universal way to
>> update the records. It depends very much on the provider (unless you
>> host your DNS zone).
>
> How is that related? Or am I using certbot on Debian wrong? I simply added
> an entry manually. I don't even want a service to mess around with DNS, at
> least not unless it is required.
> Which in my experience it is not. You can add the entry manually, which is
> what we'd have done for taler.

Oh. I thought it had to be updated every three months, which is why I
wanted to automate it. But if it has to be updated only once, then it's
not a problem.

>> I packaged PYTHON-DNS-LEXICON though, it might help if you want to work
>> on this.
>
> If you can tell me more about this, and why you think that software is
> required for this, then it would be in my responsibility to work on this.

It's just a tool that automates DNS records updating, but you won't need
it if the DNS record used by Certbot only needs to be updated once.