Page MenuHomeVyOS Platform

Move certbot request to op-mode
Closed, WontfixPublicFEATURE REQUEST

Description

The introduction of let's encrypt certificates for https invoked a certbot request within the https configuration --- this is incorrect, as it adds an overhead and point of failure at boot. Properly, the certbot request should be handled by an op-mode 'generate' command, similar to, say, wireguard keys. This obviates the need to denest configuration (T2289).

Details

Difficulty level
Unknown (require assessment)
Version
vyos-1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

syncer added a subscriber: syncer.

@jestabro I will suggest a move from certbot
to https://github.com/go-acme/lego
This will give us some more flexibility with LE provision

syncer triaged this task as Normal priority.Oct 17 2021, 2:58 PM

This will be integrated with the PKI subsystem, using the ideas there.

Closed for implementation via T5886

c-po set Issue type to Unspecified (please specify).