Difference between revisions of "Talk:Certbot"

From ArchWiki
m (→‎letsencrypt 2: removed closed discussion)
Line 10: Line 10:
 
this is an elegant solution especially for webapps on (sub)domains, as their filesystem locations are not littered with .well-known folders.
 
this is an elegant solution especially for webapps on (sub)domains, as their filesystem locations are not littered with .well-known folders.
 
still i lack an idea how to integrate this into the existing article, hence the post here. opinions? [[User:Fordprefect|Fordprefect]] ([[User talk:Fordprefect|talk]]) 22:09, 21 March 2016 (UTC)
 
still i lack an idea how to integrate this into the existing article, hence the post here. opinions? [[User:Fordprefect|Fordprefect]] ([[User talk:Fordprefect|talk]]) 22:09, 21 March 2016 (UTC)
 +
 +
== DNS method should be mentioned as well as UCC certs ==
 +
 +
I use DNS as the validation method as I have appliances where I can't modify webroot but use a single UCC certificate for simplicity. Should probably add this. I don't use certbot, rather acme.sh, but I can switch and take a stab at it in a couple of weeks. Any interest in alternates as well, or just wanting to stick to the official client? [[User:DJ L|DJ L]] ([[User talk:DJ L|talk]]) 08:02, 20 November 2016 (UTC)

Revision as of 08:02, 20 November 2016

RFC: elegant method for webroot

on the interwebs i found an interesting idea for multi domain setups. the idea is to serve all /.well-known/acme-challenge requests to one central place (e.g. /var/lib/letsencrypt) where the clients can put the challenge files to. an nginx config for this (e.g. in ssl.conf, so it is included everywhere ssl is used) can look like this:

 location /.well-known/acme-challenge {
   alias /var/lib/letsencrypt;
   default_type "text/plain";
   try_files $uri =404;
 }

this is an elegant solution especially for webapps on (sub)domains, as their filesystem locations are not littered with .well-known folders. still i lack an idea how to integrate this into the existing article, hence the post here. opinions? Fordprefect (talk) 22:09, 21 March 2016 (UTC)
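
A variant of the snippet above for certbot's webroot plugin, added here as an example and not part of the original post. The plugin writes challenge files to `<webroot>/.well-known/acme-challenge/`, so this version uses `root` instead of `alias`; the snippet file name and the `example.org` names are assumptions.

```nginx
# /etc/nginx/snippets/letsencrypt.conf   (file name is an assumption)
# Include it in every server block that should answer HTTP-01 challenges:
#     include snippets/letsencrypt.conf;
#
# Matching certbot call (example.org names are placeholders):
#     certbot certonly --webroot -w /var/lib/letsencrypt \
#         -d example.org -d www.example.org
# certbot then writes /var/lib/letsencrypt/.well-known/acme-challenge/<token>.

# ^~ keeps regex locations (for example a webapp's "location ~ /\." deny
# rule) from taking over the request. The trailing slash keeps look-alike
# prefixes such as /.well-known/acme-challenge-old out of this block.
location ^~ /.well-known/acme-challenge/ {
    # root (not alias): the full request URI is appended to this path,
    # which is exactly where the webroot plugin places the token files.
    root /var/lib/letsencrypt;
    default_type "text/plain";
    # Serve only files that exist; never fall through to the webapp.
    try_files $uri =404;
}
```

HTTP-01 validation starts with a request on port 80, so the port 80 server block needs this location as well, or a redirect to a server block that has it.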

DNS method should be mentioned as well as UCC certs

I use DNS as the validation method as I have appliances where I can't modify webroot but use a single UCC certificate for simplicity. Should probably add this. I don't use certbot, rather acme.sh, but I can switch and take a stab at it in a couple of weeks. Any interest in alternates as well, or just wanting to stick to the official client? DJ L (talk) 08:02, 20 November 2016 (UTC)