The introduction of Let's Encrypt certificates for https invoked a certbot request within the https configuration --- this is incorrect, as it adds an overhead and point of failure at boot. Properly, the certbot request should be handled by an op-mode 'generate' command, similar to, say, WireGuard keys. This obviates the need to denest configuration (T2289).
Description
Details
- Version
- vyos-1.4
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Unspecified (please specify)
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | FEATURE REQUEST | syncer | T2192 Create common crypto library for creation/verification/management of RSA/EC/SSH keys, certificates, requests, etc.
Resolved | FEATURE REQUEST | dmbaturin | T2799 VyOS Certificates Manager
Resolved | FEATURE REQUEST | sarthurdev | T3642 PKI configuration
Duplicate | FEATURE REQUEST | jestabro | T2289 Denest cerbot certificate configuration from service https
Resolved | FEATURE REQUEST | c-po | T5894 Extend get_config_dict() with additional parameter with_pki that defaults to False
Resolved | FEATURE REQUEST | c-po | T5886 Add support for ACME protocol (LetsEncrypt)
Wontfix | FEATURE REQUEST | jestabro | T3651 Move certbot request to op-mode |
Event Timeline
@jestabro I will suggest a move from certbot to https://github.com/go-acme/lego
This will give us some more flexibility with LE provision.