Anything new on this? On Sep 15, 2016 00:35, "Dale Ghent" <da...@elemental.org> wrote:
> > Apologies from necro’ing this thread, I’m just catching up. > > As a maintainer/user of a lesser-known open source OS (OmniOS, based on > illumos, which is the carry-on of what you all might remember as > OpenSolaris after Oracle killed it) I’ve had my own issues around > attempting to select a suitable letsencrypt client that works on OmniOS and > maintaining it. I’ve got one working (getssl) and it’s basically a giant > shell script with modifications to work in our native userland. > > The plain matter for people like myself is that most letsencrypt clients > out there are either Python or Shell script, with the former tending to > require non-mainstream C modules that don’t play well on anything outside > of Linux or *BSD, and the latter written with GNU userlands in mind. The > prospect of having cert management baked in to Apache httpd is tantalizing > - a perhaps more platform-agnostic approach that replaces the mess of > scripts and cronjobs that we see today. > > Of course it would be an optional module, and anyone turning it on with a > pre-existing LE setup should do so in an orderly way. Either way, > facilitating SSL certs in light of HTTP/2 would be something I would be > happy to see, even if at any other time such a facility would be seen as > outside the scope of httpd. > > /dale > > > On Aug 26, 2016, at 5:08 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: > > > > I think this is great, in concept. > > > > My experience with letsencrypt (which was quite good, FWIW) is that > > the project delivered a contained and trusted environment to sync and > > deliver new keys and retrieve signed certificates. I'll be interested to > see > > what simplification is presented, I don't think we want to get into the > > business of delivering container-style distributions of httpd. > > > > > > > > On Fri, Aug 26, 2016 at 9:47 AM, Rich Bowen <rbo...@rcbowen.com> wrote: > > At LinuxCon I spoke with the director of the LetsEncrypt project - whose > > business card I haven't yet found in unpacking - and he asked whether > > the httpd project would be interested in LetsEncrypt being "in" httpd. > > That is, when one installs httpd, letsencrypt would just be a config > > option. (I have no idea how this would actually work, but that's beside > > the point really.) > > > > Is this something that we'd be interested in, if it were contributed? I > > note that their software is under the Apache License, so there shouldn't > > be any difficulty on that front. > > > > Naturally, I told him that the next step was to get on this mailing list > > and talk about implementation details, and he said he'd do that. So that > > should be coming in the next week, as soon as I find his business card > > and send him the subscribe info and so on. > > > > -- > > Rich Bowen - rbo...@rcbowen.com - @rbowen > > http://apachecon.com/ - @apachecon > > > >
