Page MenuHomeVyOS Platform

Move certbot request to op-mode
Closed, WontfixPublicFEATURE REQUEST

Description

The introduction of let's encrypt certificates for https invoked a certbot request within the https configuration --- this is incorrect, as it adds an overhead and point of failure at boot. Properly, the certbot request should be handled by an op-mode 'generate' command, similar to, say, wireguard keys. This obviates the need to denest configuration (T2289).

Details

Version
vyos-1.4
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

syncer subscribed.

@jestabro I will suggest a move from certbot
to https://github.com/go-acme/lego
This will give us some more flexibility with LE provision

syncer triaged this task as Normal priority.Oct 17 2021, 2:58 PM

This will be integrated with the PKI subsystem, using the ideas there.

c-po set Issue type to Unspecified (please specify).