I actually had Rob Crittenden point that issue out to me and encourage me to work on this after I created the shell scripts as a quick fix to solve our immediate internal need.
Now I'm dreaming of a day where I can automatically issue and renew certs signed by a publicly trusted CA across our entire infrastructure, internal and external.

I've been playing around with APIs and libraries for a couple of days now and I think the most promising approach is to create one library/project that's both a plugin for Certbot (the official ACME/Let's Encrypt client) and a helper for Certmonger at the same time. This would allow any server with Certbot installed to authenticate using FreeIPA/DNS and allow any server with Certmonger to get Let's Encrypt certs.

Any/All suggestions are welcome.

On Wed, Jan 3, 2018 at 4:46 AM, Martin Kosek <mko...@redhat.com> wrote:

> On 01/02/2018 12:16 PM, Antonia Stevens via FreeIPA-devel wrote:
> > Hey Martin and Paride,
> >
> > There are also some scripts which use DNS auth and allow multiple DNS
> > names/aliases/principals:
> >
> > https://github.com/antevens/letsencrypt-freeipa
> >
> > In addition to that I recently started work on a Certmonger helper which
> > would allow one to use Let's Encrypt certs for the entire infrastructure
> > automatically:
> >
> > https://github.com/antevens/cerlet
>
> Cool! Sounds quite interesting! We have thought about supporting Let's
> Encrypt/ACME in FreeIPA/certmonger also:
> https://pagure.io/freeipa/issue/4751
> but did not get to it yet.
>
> Martin
>

--
Antonia Stevens
a...@antevens.com
+1 416 888 6908
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org