Antonia Stevens via FreeIPA-devel wrote:
Hi,

Thought I should introduce myself and post a link to some recent work
which might be relevant for some of you.

My name is Antonia Stevens and I'm a DevOps Engineer and long-time
FreeIPA user.

We recently had a need to get proper certs for IPA servers in AWS, which
means they have multiple IPs/DNS names/principals. Since I could not
find anything, I hacked together a couple of bash scripts to make it a
bit easier.

https://github.com/antevens/letsencrypt-freeipa

Thanks for all the great work and depending on my schedule I might try
to contribute a bit more going forward.

This looks very cool. I haven't executed it yet but from reading the scripts here are a few ideas/suggestions.

- It may be better to get the Kerberos realm from /etc/ipa/default.conf
- I have the feeling this requires at least IPA v4.5.0. Probably worthwhile to document which version(s) are known to work
- A cronjob wouldn't be necessary if certmonger was used to do the renewal. The script would need to be modified to work as a certmonger CA but then it could handle restarting the services, etc.

rob
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
