The introduction of let's encrypt certificates for https invoked a certbot request within the https configuration --- this is incorrect, as it adds an overhead and point of failure at boot. Properly, the certbot request should be handled by an op-mode 'generate' command, similar to, say, wireguard keys. This obviates the need to denest configuration (T2289).
- Difficulty level
- Unknown (require assessment)
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
|In progress||FEATURE REQUEST||syncer||T2192 Create common crypto library for creation/verification/management of RSA/EC/SSH keys, certificates, requests, etc.|
|Open||FEATURE REQUEST||None||T2799 VyOS Certificates Manager|
|Needs testing||FEATURE REQUEST||sdev||T3642 PKI configuration|
|Open||FEATURE REQUEST||jestabro||T2289 Denest cerbot certificate configuration from service https|
|Open||FEATURE REQUEST||jestabro||T3651 Move certbot request to op-mode|