
Re: status of Let's Encrypt for MirageOS webservers?

On 9/14/20 2:55 AM, Hannes Mehnert wrote:
> On 14/09/2020 02:29, Mindy Preston wrote:
>> Certificate renewal time has come and gone once again, leading me to
>> wonder whether there's a convenient way to use Let's Encrypt for my
>> MirageOS webserver (based heavily on mirage-www) yet.
>>
>> So... is there?
>
> Apart from using authoritative DNS servers
> (https://hannes.nqsb.io/Posts/DnsServer#Let-39-s-encrypt), I recommend
> to look into the unipi snippet which uses "the ALPN challenge" (i.e.
> nothing apart from the webserver needed):
>
> Upside: no further systems are involved, renews certificate every 80 days
> Downside: doesn't persist certificate -> on each reboot of your
> unikernel, a LE certificate will be requested (I so far didn't find time
> to experiment with block devices (file systems?) for storing the
> certificate temporarily, still on my TODO list somewhere)

I was able to adapt this to a usable solution rather than paying for yet another TLS certificate today. A very belated thank you!




