From mirageos-devel-bounces@lists.xenproject.org Tue Sep 14 02:02:08 2021 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Tue, 14 Sep 2021 02:02:08 +0000 Received: from list by lists.xenproject.org with outflank-mailman.186062.334803 (Exim 4.92) (envelope-from ) id 1mPxli-0002gA-RO; Tue, 14 Sep 2021 02:01:54 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 186062.334803; Tue, 14 Sep 2021 02:01:54 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPxli-0002g1-MU; Tue, 14 Sep 2021 02:01:54 +0000 Received: by outflank-mailman (input) for mailman id 186062; Tue, 14 Sep 2021 02:01:52 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mPxlg-0002fv-Me for mirageos-devel@lists.xenproject.org; Tue, 14 Sep 2021 02:01:52 +0000 Received: from relay9-d.mail.gandi.net (unknown [217.70.183.199]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id ae67c09e-1a8c-4834-aa1b-0e16245da041; Tue, 14 Sep 2021 02:01:51 +0000 (UTC) Received: (Authenticated sender: guybrush@somerandomidiot.com) by relay9-d.mail.gandi.net (Postfix) with ESMTPSA id 4EA07FF802 for ; Tue, 14 Sep 2021 02:01:48 +0000 (UTC) X-BeenThere: mirageos-devel@lists.xenproject.org List-Id: Developer list for MirageOS List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: mirageos-devel-bounces@lists.xenproject.org Precedence: list Sender: "MirageOS-devel" X-Inumbo-ID: ae67c09e-1a8c-4834-aa1b-0e16245da041 Subject: Re: status of Let's Encrypt for MirageOS webservers? To: mirageos-devel@lists.xenproject.org References: <2ac3274d-37b7-1044-b51a-47c6037f7ec6@somerandomidiot.com> <11714ac1-eb8c-ea8a-506f-4c0dc49cd89c@mehnert.org> From: Mindy Preston Message-ID: Date: Mon, 13 Sep 2021 21:01:44 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0 MIME-Version: 1.0 In-Reply-To: <11714ac1-eb8c-ea8a-506f-4c0dc49cd89c@mehnert.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US On 9/14/20 2:55 AM, Hannes Mehnert wrote: > Hi, > > On 14/09/2020 02:29, Mindy Preston wrote: >> Certificate renewal time has come and gone once again, leading me to >> wonder whether there's a convenient way to use Let's Encrypt for my >> MirageOS webserver (based heavily on mirage-www) yet.> >> So... is there? > Apart from using authoritative DNS servers > (https://hannes.nqsb.io/Posts/DnsServer#Let-39-s-encrypt), I recommend > to look into the unipi snippet which uses "the ALPN challenge" (i.e. > nothing apart from the webserver needed): > > https://github.com/roburio/unipi/blob/101860be01b965bd1a40aa92beb5c24e9117ea98/unikernel.ml#L146-L272 > > Upside: no further systems are involved, renews certificate every 80 days > Downside: doesn't persist certificate -> on each reboot of your > unikernel, a LE certificate will be requested (I so far didn't find time > to experiment with block devices (file systems?) for storing the > certificate temporarily, still on my TODO list somewhere) > I was able to adapt this to a usable solution rather than paying for yet another TLS certificate today. A very belated thank you! Cheers, Mindy From mirageos-devel-bounces@lists.xenproject.org Thu Sep 16 09:02:30 2021 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Thu, 16 Sep 2021 09:02:30 +0000 Received: from list by lists.xenproject.org with outflank-mailman.188259.337352 (Exim 4.92) (envelope-from ) id 1mQnHd-0001NQ-Th; Thu, 16 Sep 2021 09:02:17 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 188259.337352; Thu, 16 Sep 2021 09:02:17 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnHd-0001NJ-Q7; Thu, 16 Sep 2021 09:02:17 +0000 Received: by outflank-mailman (input) for mailman id 188259; Thu, 16 Sep 2021 09:02:16 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1mQnHc-0001ND-NW for mirageos-devel@lists.xenproject.org; Thu, 16 Sep 2021 09:02:16 +0000 Received: from mail.mehnert.org (unknown [213.73.89.200]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 52c87eb9-8d1a-4508-8b38-53b39d0550b3; Thu, 16 Sep 2021 09:02:14 +0000 (UTC) Received: from [192.168.42.80] (dslb-178-000-058-010.178.000.pools.vodafone-ip.de [178.0.58.10]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "hannes@mehnert.org", Issuer "mehnert root CA" (not verified)) by mail.mehnert.org (Postfix) with ESMTPS id 562271268D for ; Thu, 16 Sep 2021 11:02:12 +0200 (CEST) X-BeenThere: mirageos-devel@lists.xenproject.org List-Id: Developer list for MirageOS List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: mirageos-devel-bounces@lists.xenproject.org Precedence: list Sender: "MirageOS-devel" X-Inumbo-ID: 52c87eb9-8d1a-4508-8b38-53b39d0550b3 To: "mirageos-devel@lists.xenproject.org" From: Hannes Mehnert Subject: autumn retreat (November 8th - 14th) Message-ID: Date: Thu, 16 Sep 2021 11:02:05 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit Dear hackers, after a long period without any retreats, I'm delighted to announce that there will be a next retreat. This time in Mirleft (southern Morocco - next airport is Agadir). Accomodation will be single-bed rooms. Due to Covid and travel restrictions, only vaccinated persons can attend. Depending on your origin country, you may need an up-to-date negative PCR test. The fee for accomodation and full board is 450 EUR. Since time is running fast, please sign up as soon as possible (the latest *September 20th*) by sending a mail to retreat2021@nqsb.io. Information at http://retreat.mirage.io Take care and hope to see you soon, Hannes