httpd-dev mailing list archives

From Dale Ghent <da...@elemental.org>
Subject Re: httpd and letsencrypt
Date Wed, 14 Sep 2016 22:35:21 GMT

Apologies for necro’ing this thread, I’m just catching up.

As a maintainer/user of a lesser-known open source OS (OmniOS, based on illumos, which is
the carry-on of what you all might remember as OpenSolaris after Oracle killed it) I’ve
had my own issues around attempting to select a suitable letsencrypt client that works on
OmniOS and maintaining it. I’ve got one working (getssl) and it’s basically a giant shell
script with modifications to work in our native userland.

The plain matter for people like myself is that most letsencrypt clients out there are either
Python or Shell script, with the former tending to require non-mainstream C modules that don’t
play well on anything outside of Linux or *BSD, and the latter written with GNU userlands
in mind. The prospect of having cert management baked in to Apache httpd is tantalizing -
a perhaps more platform-agnostic approach that replaces the mess of scripts and cronjobs that
we see today.

Of course it would be an optional module, and anyone turning it on with a pre-existing LE
setup should do so in an orderly way. Either way, facilitating SSL certs in light of HTTP/2
would be something I would be happy to see, even if at any other time such a facility would
be seen as outside the scope of httpd.

/dale

> On Aug 26, 2016, at 5:08 PM, William A Rowe Jr <wrowe@rowe-clan.net> wrote:
> 
> I think this is great, in concept.
> 
> My experience with letsencrypt (which was quite good, FWIW) is that
> the project delivered a contained and trusted environment to sync and
> deliver new keys and retrieve signed certificates. I'll be interested to see
> what simplification is presented, I don't think we want to get into the
> business of delivering container-style distributions of httpd.
> 
> 
> 
> On Fri, Aug 26, 2016 at 9:47 AM, Rich Bowen <rbowen@rcbowen.com> wrote:
> At LinuxCon I spoke with the director of the LetsEncrypt project - whose
> business card I haven't yet found in unpacking - and he asked whether
> the httpd project would be interested in LetsEncrypt being "in" httpd.
> That is, when one installs httpd, letsencrypt would just be a config
> option. (I have no idea how this would actually work, but that's beside
> the point really.)
> 
> Is this something that we'd be interested in, if it were contributed? I
> note that their software is under the Apache License, so there shouldn't
> be any difficulty on that front.
> 
> Naturally, I told him that the next step was to get on this mailing list
> and talk about implementation details, and he said he'd do that. So that
> should be coming in the next week, as soon as I find his business card
> and send him the subscribe info and so on.
> 
> --
> Rich Bowen - rbowen@rcbowen.com - @rbowen
> http://apachecon.com/ - @apachecon
> 

