Hello! Ricardo Wurmus <[email protected]> skribis:
> Ludovic Courtès <[email protected]> writes: [...] >> I wonder what should be done with guix.info: should we keep it as a >> mirror, or should it redirect to gnu.org, or the opposite? > > I really don’t know. I didn’t plan for guix.info to become popular, but > it certainly is convenient right now as we can change DNS records at a > whim. > > Currently, the manual shown on guix.info is fairly close to the latest > in git. This means it contains documentation about channels, which > cannot be found in the latest release that matches the manual on > gnu.org. Yes, it’s convenient. >> My initial plan was to use guix.gnu.org as the primary domain but we’re >> stuck with the “Let’s Encrypt vs. multiple entries in DNS A records” >> issue. At the same time, guix.info works just fine. > > I thought the bigger issue was running a DNS server, which is something > I’ve never done and wouldn’t like to take on myself. I’ve never done it either :-) but our Knot service makes it looks easy. > The problem with naive Let’s Encrypt updates is that automatic > challenges might fail when the “wrong” server is returned by the DNS > server. “certbot” can be used with manual DNS validation, which > requires us to deploy a DNS TXT record. This can be automated with > certbot hooks (scripts that have access to the token that should be > published via environment variables) or through JSON mode, which returns > an object with the token that can be processed through other means. I didn’t know about all this! Looks like our Certbot service doesn’t support it though? > I think the Let’s Encrypt updates shouldn’t be a blocker. To me it was the main blocker. Let’s see if we can bring more knowledgeable people on board… Ludo’.
