Page MenuHomeVyOS Platform
Create Task
Maniphest T3023

Add a Let's Encrypt client in the base image
Resolved (N/A)PublicFEATURE REQUEST
Actions

Description

Hello there,

It would be nice adding a Let's Encrypt client in the base image.
This would allow to actually get and update valid certificates for different services, in an automated way (using cron, or any other installed scheduler).

In conjunction with https://phabricator.vyos.net/T3022, we could get a fully automated certificate provisioning, allowing Operator to work on other things than the renewal of certificates.

Doing so would probably imply a new subcommand, such as:
`set letsencrypt host foo aliases foo.bar,www.foo,www.foo.bar
set letsencrypt host foo validation-type [dns|http|....]
set letsencrypt host foo mail-account ...
(and so on for other relevant options of the chosen LE client).
`
Cheers,

C.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Cosmetic issue (typos etc.)

Related Objects

Event Timeline

cjeanneret created this task.Oct 26 2020, 8:10 PM
jestabro added a subscriber: jestabro.Oct 26 2020, 8:12 PM

It exists:
https://phabricator.vyos.net/T1585

cjeanneret added a comment.Oct 26 2020, 8:23 PM

@jestabro hmmm I don't see that "certbot" in the completion - running on rolling 1.3... ? In fact, nodes "certificates" and "certbot" are not shown here:
set service https
Possible completions:
> api VyOS HTTP API configuration
> api-restrict Restrict api proxy to subset of virtual hosts
> certificates TLS certificates
+> virtual-host Identifier for virtual host

set service https virtual-host foo
Possible completions:

listen-address
             Address to listen for HTTPS requests
listen-port  Port to listen for HTTPS requests; default 443

+ server-name Server names: exact, wildcard, or regex

jestabro added a comment.Oct 26 2020, 8:32 PM
set service https certificates certbot

domain-name(s) should contain the desired server-name. A rewrite is in progress in:
https://phabricator.vyos.net/T2289

cjeanneret added a comment.Oct 27 2020, 5:13 PM

sounds good - would be good having some other options than just domain-name and email, but that's another story :). I'll follow the other task then!

pasik added a subscriber: pasik.Oct 29 2020, 9:11 PM
erkin set Issue type to Cosmetic issue (typos etc.).Aug 29 2021, 12:25 PM
erkin removed a subscriber: Active contributors.
c-po added a subscriber: c-po.Oct 17 2021, 7:33 AM

Considered while implementing T3642 to have a general LE availability.

c-po closed this task as Resolved N/A.Oct 17 2021, 7:34 AM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 6 2021, 12:20 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:16 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.