wojciech.kapcia@tigase.net opened 7 years ago
|
|||||||
|
|||||||
We should consider how it should be handled and possible use cases / what triggers it:
In terms of actual functionality:
Comments? %kobit %andrzej.wojcik %bmalkow ? |
|||||||
%wojtek Yes, it is possible to redirect I remember that there was an idea to allow SSL certificates for XMPP for domain |
|||||||
Wojciech Kapcia wrote:
Actually it does. So basically either someone uploads own certificate (and worry about subdomains) or use (automatic) let's encrypt for everything… Andrzej Wójcik wrote:
I know - I said as much. But in that case certbot has a hook so we could also include short guide how to make it work with tigase: "create hook with URL pointing to xmpp server and concatenated certificates and chain".
It looks kinda... stale... This: https://github.com/letsencrypt/boulder/issues/1309 seems like it would be kinda nice, but it's a no-go from CA perspective... |
|||||||
Wojciech Kapcia wrote:
FYI: I just added this part while working on #8875 #tigaseim-80. Now I'm pondering whether we should add dedicated Let's Encrypt solution within Tigase (considering constraints: HTTP having to point to our installation and having to generate certificates for all components) - @bmalkow @kobit @andrzej.wojcik ? |
|||||||
How much work does it need? I am asking because, I honestly doubt that many users will use this solution. It is still kind of complicated to setup for average user. However, I understand that it would be very useful for us anyway. So, if it is not much work I would be in favor of implementing it, even if we are pretty much the only users. |
|||||||
wojciech.kapcia@tigase.net changed fields 5 months ago
|
|||||||
wojciech.kapcia@tigase.net added to iteration "tigase-server-9.0.0" 5 months ago
|
|||||||
wojciech.kapcia@tigase.net added "Related" tigase-private/systems-maintenance/servers#433 2 months ago
|
|||||||
wojciech.kapcia@tigase.net added "Related" tigase/_server/tigase-utils#29 2 months ago
|
Type |
New Feature
|
Priority |
Blocker
|
Assignee | |
RedmineID |
5431
|
Version |
tigase-server-9.0.0
|
Estimation |
40h
|
-
tigase-server-9.0.0 Open
-
tigase-private/systems-maintenance/servers#369 You are not authorized to access this issue
-
tigase-private/systems-maintenance/servers#433 You are not authorized to access this issue
It would be quite handy if Tigase would be able to automatically provision Let's encrypt certificate when needed (and renew them)
https://github.com/shred/acme4j