httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: Let's Encrypt Feature Release
Date Mon, 20 Nov 2017 11:21:55 GMT
Disclaimer: Steffen and me got into each others hairs during the development and testing of
mod_md. I often have difficulties understanding what he means. That led to frustrations on
both sides, I suppose.

In the comment below, I find several things factually wrong, so I need to answer.

> Am 19.11.2017 um 16:21 schrieb Steffen <info@apachelounge.com>:
> 
> Notes:
> 
> It is not really a module, more a configuration/install utility. And introducing curl
and jansson dependencies.

It does several things and "install" utility cannot do without either living in the server
or parsing/rewriting arbitrary config files. But if you never use these additional features,
other tools might work as well, sure.

> Running mod_md from the beginning and made available at ApacheLounge. It was a struggle
to get it working for me and others, docu needs more eyes for reviews. It works ok, but I
do not see that advantage over other utilities out there. 

You should use the utility that serves you best. If you expect any less than struggle when
using pre-alpha versions in development, you should adjust your expectations.

> In January LetsEncrypt is starting with wildcard certs. Maybe worth to wait. I know users
waiting for that and experience learns that changes at LE can trouble mod_md.

This is FUD. The protocol that mod_md talks with LE will not change by the wildcard introduction.
LE is prepared to maintain the current v1 API point indefinitely, because there are many sites
and tools out there that use it.

The bug you probably refer to was the change of the License agreement last week, mod_md stalled
on certificate renewal and gave a proper NOTICE message in the logs about what went wrong.
The bug was fixed by me the next day. A workaround without the fix is possible by moving aside
the existing account data.

So, had this been released already, we could have provided a workaround at once (after analysing
the problem) and a fix right after. The marking of it as "experimental" is always a warning
that some bumps in the road are to be expected.

Cheers,

Stefan


Mime
View raw message