
Re: status of Let's Encrypt for MirageOS webservers?



Hi,

On 14/09/2020 02:29, Mindy Preston wrote:
> Certificate renewal time has come and gone once again, leading me to
> wonder whether there's a convenient way to use Let's Encrypt for my
> MirageOS webserver (based heavily on mirage-www) yet.
>
> So... is there?

Apart from using authoritative DNS servers
(https://hannes.nqsb.io/Posts/DnsServer#Let-39-s-encrypt), I recommend
looking into the unipi snippet which uses "the ALPN challenge" (i.e.
nothing apart from the webserver needed):

https://github.com/roburio/unipi/blob/101860be01b965bd1a40aa92beb5c24e9117ea98/unikernel.ml#L146-L272

Upside: no further systems are involved, renews certificate every 80 days
Downside: doesn't persist certificate -> on each reboot of your
unikernel, a LE certificate will be requested (I so far didn't find time
to experiment with block devices (file systems?) for storing the
certificate temporarily, still on my TODO list somewhere)


Best,

hannes



 

