Quoting Marco d'Itri (2015-08-02 12:36:19) > On Aug 02, Daniel Pocock <dan...@pocock.pro> wrote: > >> Does anybody prefer to see packages create certificates during >> postinst or is there any preference not to try that and let people do >> so manually? > There is no point in trying to get a certificate from letsencrypt > every time you install a package if you already have one that you want > to use.
On the other hand, there is a point in extending ssl-cert to optionally use letsencrypt. E.g. this debconf question during install: a) Always use self-signed cert (a.k.a. Snakeoil cert) [default] b) Ask each time which cert to use ..and then some routine (e.g. debconf with custom throw-away cache) triggered when b) is selected, which by default uses Snakeoil (which is then also used when in non-interactive mode) but consulting a conf.d list of alternatives that might include letsinclude package and a custom local script for a sysadmin using some other custom routine. I am not volunteering to extend the script, just sharing the idea here. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature