httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@gmail.com>
Subject Re: httpd and letsencrypt
Date Thu, 17 Nov 2016 18:22:35 GMT
Anything new on this?

On Sep 15, 2016 00:35, "Dale Ghent" <daleg@elemental.org> wrote:

>
> Apologies from necro’ing this thread, I’m just catching up.
>
> As a maintainer/user of a lesser-known open source OS (OmniOS, based on
> illumos, which is the carry-on of what you all might remember as
> OpenSolaris after Oracle killed it) I’ve had my own issues around
> attempting to select a suitable letsencrypt client that works on OmniOS and
> maintaining it. I’ve got one working (getssl) and it’s basically a giant
> shell script with modifications to work in our native userland.
>
> The plain matter for people like myself is that most letsencrypt clients
> out there are either Python or Shell script, with the former tending to
> require non-mainstream C modules that don’t play well on anything outside
> of Linux or *BSD, and the latter written with GNU userlands in mind. The
> prospect of having cert management baked in to Apache httpd is tantalizing
> - a perhaps more platform-agnostic approach that replaces the mess of
> scripts and cronjobs that we see today.
>
> Of course it would be an optional module, and anyone turning it on with a
> pre-existing LE setup should do so in an orderly way. Either way,
> facilitating SSL certs in light of HTTP/2 would be something I would be
> happy to see, even if at any other time such a facility would be seen as
> outside the scope of httpd.
>
> /dale
>
> > On Aug 26, 2016, at 5:08 PM, William A Rowe Jr <wrowe@rowe-clan.net>
> wrote:
> >
> > I think this is great, in concept.
> >
> > My experience with letsencrypt (which was quite good, FWIW) is that
> > the project delivered a contained and trusted environment to sync and
> > deliver new keys and retrieve signed certificates. I'll be interested to
> see
> > what simplification is presented, I don't think we want to get into the
> > business of delivering container-style distributions of httpd.
> >
> >
> >
> > On Fri, Aug 26, 2016 at 9:47 AM, Rich Bowen <rbowen@rcbowen.com> wrote:
> > At LinuxCon I spoke with the director of the LetsEncrypt project - whose
> > business card I haven't yet found in unpacking - and he asked whether
> > the httpd project would be interested in LetsEncrypt being "in" httpd.
> > That is, when one installs httpd, letsencrypt would just be a config
> > option. (I have no idea how this would actually work, but that's beside
> > the point really.)
> >
> > Is this something that we'd be interested in, if it were contributed? I
> > note that their software is under the Apache License, so there shouldn't
> > be any difficulty on that front.
> >
> > Naturally, I told him that the next step was to get on this mailing list
> > and talk about implementation details, and he said he'd do that. So that
> > should be coming in the next week, as soon as I find his business card
> > and send him the subscribe info and so on.
> >
> > --
> > Rich Bowen - rbowen@rcbowen.com - @rbowen
> > http://apachecon.com/ - @apachecon
> >
>
>

Mime
View raw message