
Add a Let's Encrypt client in the base image
Not Applicable | Public | FEATURE REQUEST

Description

Hello there,

It would be nice to add a Let's Encrypt client to the base image.
This would allow actually getting and updating valid certificates for different services in an automated way (using cron, or any other installed scheduler).

In conjunction with https://phabricator.vyos.net/T3022, we could get fully automated certificate provisioning, allowing the operator to work on things other than the renewal of certificates.

Doing so would probably imply a new subcommand, such as:
```
set letsencrypt host foo aliases foo.bar,www.foo,www.foo.bar
set letsencrypt host foo validation-type [dns|http|....]
set letsencrypt host foo mail-account ...
```
(and so on for other relevant options of the chosen LE client).

Cheers,

C.

Details

Version
-
Is it a breaking change?
Config syntax change (migratable)
Issue type
Cosmetic issue (typos etc.)

Event Timeline

@jestabro hmmm I don't see that "certbot" in the completion - running on rolling 1.3... ? In fact, nodes "certificates" and "certbot" are not shown here:
```
set service https
Possible completions:
 > api            VyOS HTTP API configuration
 > api-restrict   Restrict api proxy to subset of virtual hosts
 > certificates   TLS certificates
+> virtual-host   Identifier for virtual host

set service https virtual-host foo
Possible completions:
   listen-address Address to listen for HTTPS requests
   listen-port    Port to listen for HTTPS requests; default 443
 + server-name    Server names: exact, wildcard, or regex
```

set service https certificates certbot

domain-name(s) should contain the desired server-name. A rewrite is in progress in:
https://phabricator.vyos.net/T2289

Sounds good - it would be good to have some other options than just domain-name and email, but that's another story :). I'll follow the other task then!

erkin set Issue type to Cosmetic issue (typos etc.). Aug 29 2021, 12:25 PM
erkin removed a subscriber: Global Notifications.

Considered while implementing T3642 to have a general LE availability.

c-po closed this task as Not Applicable. Oct 17 2021, 7:34 AM