[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: status of Let's Encrypt for MirageOS webservers?


On 14/09/2020 02:29, Mindy Preston wrote:
> Certificate renewal time has come and gone once again, leading me to
> wonder whether there's a convenient way to use Let's Encrypt for my
> MirageOS webserver (based heavily on mirage-www) yet.>
> So... is there?

Apart from using authoritative DNS servers
(https://hannes.nqsb.io/Posts/DnsServer#Let-39-s-encrypt), I recommend
to look into the unipi snippet which uses "the ALPN challenge" (i.e.
nothing apart from the webserver needed):


Upside: no further systems are involved, renews certificate every 80 days
Downside: doesn't persist certificate -> on each reboot of your
unikernel, a LE certificate will be requested (I so far didn't find time
to experiment with block devices (file systems?) for storing the
certificate temporarily, still on my TODO list somewhere)





Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.