On Tue, May 09, 2023 at 08:48:06PM +0200, Theo Buehler wrote:
> espie mentioned that the clue to use the staging server could be more
> explicit.
> Maybe this is enough and not too intrusive?
Some expressed concern that it should be done the other way around,
i.e., leave the default at letsencrypt. Perhaps it's indeed better
this way to avoid creating servers with bad certs.
Index: examples/acme-client.conf
===================================================================
RCS file: /cvs/src/etc/examples/acme-client.conf,v
retrieving revision 1.4
diff -u -p -r1.4 acme-client.conf
--- examples/acme-client.conf 17 Sep 2020 09:13:06 -0000 1.4
+++ examples/acme-client.conf 9 May 2023 19:39:12 -0000
@@ -27,5 +27,7 @@ domain example.com {
alternative names { secure.example.com }
domain key "/etc/ssl/private/example.com.key"
domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
+ # Test with the staging server to avoid aggressive rate-limiting.
+ #sign with letsencrypt-staging
sign with letsencrypt
}
