Letsencrypt certificate generation #35
After some thinking, there are two main options for automating Letsencrypt certificate generation:
The first option is more Docker-friendly: certbot is a long-running process and would fit in a container. But it would also require some mechanism to restart other containers properly, thus access to the Docker socket. Also, it will become necessary at some point that users can restart containers and regenerate certificates through the admin interface. Although it is not natural to fork a long-running process in a container, it still sounds like the best solution here.
This library sounds nice: https://github.com/agronholm/apscheduler
Another option would be to move all the tasks to a separate container running Celery (and maybe Beats). Loaded handlers would include every Freeposte related task and the container would be responsible for scheduling things. The existing With such a scheme, all Docker-related operations would be moved as tasks. Remaining question: how should we share models between both containers?
For Milestone 1.4, we will go with the in-app scheduler on the admin interface side. The solution is quick and dirty but will do while awaiting a more structured architecture for the whole project.
Certificate generation using certbot on Python3 seems broken for now, just pushed this, awaiting review: certbot/certbot#3757
Just pushed a first version of the letsencrypt certification generation, feel free to test and provide feedback once the builds are available.
Still an issue: when no certificate is available, nginx will not start and Certbot will fail. Some work is probably required on the Nginx configuration.
@kaiyou how could I test this? thanks
If you already have a certificate setup and you set the
This still has some problems.
Hi @kaiyou and everybody. Sorry if it's not the place to post this, but my cert just expired today. What is the best procedure to renew it? Thanks in advance.
Ready, I only had to restart the front container.
Hey, is the auto-renew cert issue solved by now? Just a newbie.
Provide a way to auto-generate and renew the TLS certificate if none is provided or if it is expired.