wojciech.kapcia@tigase.net opened 8 years ago
|
|||||||
|
|||||||
We should consider how it should be handled and possible use cases / what triggers it:
In terms of actual functionality:
Comments? %kobit %andrzej.wojcik %bmalkow ? |
|||||||
%wojtek Yes, it is possible to redirect I remember that there was an idea to allow SSL certificates for XMPP for domain |
|||||||
Wojciech Kapcia wrote:
Actually it does. So basically either someone uploads own certificate (and worry about subdomains) or use (automatic) let's encrypt for everything… Andrzej Wójcik wrote:
I know - I said as much. But in that case certbot has a hook so we could also include short guide how to make it work with tigase: "create hook with URL pointing to xmpp server and concatenated certificates and chain".
It looks kinda... stale... This: https://github.com/letsencrypt/boulder/issues/1309 seems like it would be kinda nice, but it's a no-go from CA perspective... |
|||||||
Wojciech Kapcia wrote:
FYI: I just added this part while working on #8875 #tigaseim-80. Now I'm pondering whether we should add dedicated Let's Encrypt solution within Tigase (considering constraints: HTTP having to point to our installation and having to generate certificates for all components) - @bmalkow @kobit @andrzej.wojcik ? |
|||||||
How much work does it need? I am asking because, I honestly doubt that many users will use this solution. It is still kind of complicated to setup for average user. However, I understand that it would be very useful for us anyway. So, if it is not much work I would be in favor of implementing it, even if we are pretty much the only users. |
|||||||
wojciech.kapcia@tigase.net changed fields 7 months ago
|
|||||||
wojciech.kapcia@tigase.net added to iteration "tigase-server-9.0.0" 7 months ago
|
|||||||
wojciech.kapcia@tigase.net added "Related" tigase-private/systems-maintenance/servers#433 5 months ago
|
|||||||
wojciech.kapcia@tigase.net added "Related" tigase/_server/tigase-utils#29 5 months ago
|
Type |
New Feature
|
Priority |
Blocker
|
Assignee | |
RedmineID |
5431
|
Version |
tigase-server-9.0.0
|
Estimation |
40h
|
-
tigase-server-9.0.0 Open
It would be quite handy if Tigase would be able to automatically provision Let's encrypt certificate when needed (and renew them)
https://github.com/shred/acme4j