server/camlistored: use Let's Encrypt
Or to be more precise, golang.org/x/crypto/acme/autocert

The default behaviour regarding HTTPS certificates changes as such:

1) If the high-level config does not specify a certificate, the low-level config used to be generated with a default certificate path. This is no longer the case.

2) If the low-level config does not specify a certificate, we used to generate self-signed ones at the default path. This is no longer always the case. We only do this if our hostname does not look like an FQDN, otherwise we try Let's Encrypt.

3) As a result, if the high-level config does not specify a certificate, and the hostname looks like an FQDN, it is no longer the case that we'll generate a self-signed. Let's Encrypt will be tried instead.

To sum up, the new rules are:

If cert/key files are specified, and found, use them.

If cert/key files are specified, not found, and the default values, generate them (self-signed CA used as a cert), and use them.

If cert/key files are not specified, use Let's Encrypt if we have an FQDN, otherwise generate self-signed.

Regarding cert caching:

On non-GCE, store the autocert cache dir in osutil.CamliConfigDir()/letsencrypt.cache

On GCE, store in /tmp/camli-letsencrypt.cache

Fixes #701
Fixes #859

Change-Id: Id78a9c6f113fa93e38d690033c10a749d1844ea6
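The certificate selection rules summed up in the commit message above, written out as an added Go example; it is not code from this commit or from Camlistore. The function names, the FQDN heuristic and the fail-closed branch for missing non-default files are assumptions, since the message does not specify them.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

type CertSource string

const (
	UseFiles       CertSource = "configured files"
	SelfSigned     CertSource = "generate self-signed"
	UseLetsEncrypt CertSource = "Let's Encrypt"
)
// looksLikeFQDN is an assumed heuristic: no IP literals, "localhost" or single-label names.
func looksLikeFQDN(host string) bool {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.TrimSuffix(host, ".")
	if host == "localhost" || net.ParseIP(host) != nil {
		return false
	}
	return strings.Contains(host, ".")
}

// chooseCertSource applies the rules in the order the commit message sums them up.
// specified: cert/key paths set; found: both exist; isDefault: they are the default paths.
func chooseCertSource(specified, found, isDefault bool, host string) (CertSource, error) {
	switch {
	case specified && found:
		return UseFiles, nil
	case specified && isDefault:
		return SelfSigned, nil
	case specified:
		// Case not covered by the commit message: failing closed is this example's assumption.
		return "", errors.New("configured cert/key files not found")
	case looksLikeFQDN(host):
		return UseLetsEncrypt, nil
	}
	return SelfSigned, nil
}

func main() {
	for _, h := range []string{"camli.example.org:443", "localhost:3179", "10.0.0.5"} { // constructed hosts
		src, _ := chooseCertSource(false, false, false, h)
		fmt.Printf("%-22s -> %s\n", h, src)
	}
}
```

A host that is only reachable by IP or a single-label name ends up on the self-signed path, so clients of such a deployment have to pin or otherwise trust that certificate explicitly.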
Showing 7 changed files with 86 additions and 35 deletions.