Re: [EMERGENCY FREEZE BREAK] Temporarily fix fedorapeople.org SSL cert

On 10/12/22 19:22, Kevin Fenzi wrote:
On Sat, Oct 08, 2022 at 03:50:35PM +0200, Fabian Arrotin wrote:
On 07/10/2022 21:25, Nick Bebout wrote:
DNS validation needs someone (or a DNS plugin for Certbot) to add a DNS
record each time the certificate renews (by default Certbot renews 30
days before expiration).  This works very well if your DNS provider is
supported by one of certbot's plugins, but not as well if you have to
update it manually.  I'm not sure if there is a way to integrate it into
our current DNS setup.

For centos.org (and sub-domains) we're also using DNS validation with ACME
and it's all automatic: bind supports dynamic zones (and we have a
delegated acme.centos.org zone for that reason): I already mentioned it to
Kevin and Mark and pointed to the presentation: so one doesn't have to edit
DNS: just let the tool do it for you :)

Yeah. We just haven't set this up yet. Might be a nice thing to do after
f37 is out the door. We do have automated http challenges, so we can
(and do) get non-wildcard certs that way in an automated way, just not
the wildcard ones (they need dns).
As certbot has become quite heavy, maybe one of [1],[2] or [3] can help?
1) https://packages.fedoraproject.org/pkgs/uacme/uacme/
2) https://packages.fedoraproject.org/pkgs/dehydrated/dehydrated/
3) https://pypi.org/project/sewer/

Thanks for dealing with this Nick!

kevin


_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
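
The DNS-01 step this thread discusses, as an added example that is not from any poster or from Fedora or CentOS infrastructure: it derives the TXT value an ACME CA expects (RFC 8555) and builds the nsupdate input that publishes it in a dynamic zone. The CNAME layout into a delegated zone, the names example.org, acme.example.org and ns1.example.org, and the sample key and token are assumptions constructed for illustration.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME (RFC 8555) uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an RSA key: required members only, sorted, no whitespace."""
    required = {k: jwk[k] for k in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def txt_value(token: str, jwk: dict) -> str:
    """DNS-01 TXT content: base64url(SHA-256(token + "." + account key thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_name(identifier: str) -> str:
    """Validation name; a wildcard is validated at its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base.rstrip('.')}"


def nsupdate_script(identifier, token, jwk, acme_zone, server, ttl=60):
    """Build nsupdate input that publishes the TXT record in the dynamic zone.
    Assumption: _acme-challenge.<domain> is a CNAME to <domain>.<acme_zone>,
    so only the delegated zone has to accept dynamic updates.
    """
    base = challenge_name(identifier)[len("_acme-challenge."):]
    target = f"{base}.{acme_zone.rstrip('.')}."
    return "\n".join([
        f"server {server}",
        f"zone {acme_zone.rstrip('.')}.",
        f"update delete {target} TXT",  # drop any stale challenge first
        f'update add {target} {ttl} TXT "{txt_value(token, jwk)}"',
        "send",
    ]) + "\n"


# Constructed sample input: not a real account key or CA-issued token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-for-illustration"}
SAMPLE_TOKEN = "constructed-token-0123456789"
```

The string returned by `nsupdate_script` is what would be piped to `nsupdate -k <keyfile>`, with the TSIG key scoped to the delegated zone only so the ACME client cannot modify the parent zone.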



