On Aug 29, 2016 14:50, "Jim Jagielski" <j...@jagunet.com> wrote:
>
> Key, of course (no pun intended) is a client impl with a suitable
> and acceptable license.
>
> There is https://kristaps.bsd.lv/letskencrypt/, but last I looked
> it required, iirc, LibreSSL as well as it still being somewhat
> instable. I am hoping we can get pointers to alternatives :)

Provided that letskencrypt can be appropriately licensed, it appears that from the outline, the core (red illustrated) bits could run in the root context of httpd at startup (at the time that client traffic would not have polluted that process.) Our model already makes the rest of the piping and restricted child processes trivial.

License seems to be the simplest BSD form https://github.com/kristapsdz/letskencrypt/blob/master/LICENSE.md

Getting this compatible with whichever httpd mod_ssl is linked to, LibreSSL or OpenSSL, would surely be trivial, author's bias notwithstanding.