On 10 Sep 2016, at 15:42, Xavier Leroy <xavier.le...@inria.fr> wrote:
>
> On 09/07/2016 04:21 PM, Ashish Agarwal wrote:
>> IIRC, this was particularly relevant for the opam sub-domain, so cc-ing the
>> opam-devel list. Can any opam dev please confirm? If it is still needed, we
>> should act quickly to update this.
>
> I'm positive you need secure connections for lists.ocaml.org as well
> (to protect the passwords of list administrators and subscribers).

That's correct -- the current Gandi SSL certificate had a few subdomains to deal with as well, so all of those need to be renewed.

I've been experimenting with Let's Encrypt on a few other domains, and it is mostly working fine except that certificates are only issued for 90 days. This means that it's essential to implement autorenewal via the ACME API, or else domains will expire rather rapidly. This is generally a good excuse to examine the state of the various infrastructures to determine how auto-update friendly they all are.

There is an ocaml-acme client under development at: https://github.com/mmaker/ocaml-acme

...but it requires a release of OCaml-X509 to expose some extra CSR information. Hannes, is there a release of that scheduled, or should I look at an alternative mechanism for our auto-updated certs?

> Now that Anil is a successful businessman, who is administering the
> *.ocaml.org Web servers and DNS?

Happily, this businessman is still administering the servers, albeit with a slightly higher latency...

regards,
Anil