Page MenuHomeVyOS Platform

Move certbot request to op-mode
Closed, WontfixPublicFEATURE REQUEST


The introduction of let's encrypt certificates for https invoked a certbot request within the https configuration --- this is incorrect, as it adds an overhead and point of failure at boot. Properly, the certbot request should be handled by an op-mode 'generate' command, similar to, say, wireguard keys. This obviates the need to denest configuration (T2289).


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

syncer subscribed.

@jestabro I will suggest a move from certbot
This will give us some more flexibility with LE provision

syncer triaged this task as Normal priority.Oct 17 2021, 2:58 PM

This will be integrated with the PKI subsystem, using the ideas there.

c-po set Issue type to Unspecified (please specify).