On Tue, 19 Jul 2016, David Lamparter wrote:
> Thanks; the problem there is a different one though - my hosting setup has a separate reverse proxy doing all TLS handling; i.e. the patchwork setup can't access its own certificates. I'm using the ACME DNS method to get my LetsEncrypt certificates for my own domains (which the TLS box handles perfectly on its own, and I like the clear security zoning with that); on the other hand the HTTP method becomes very cumbersome to use since I'd need to push either the auth-tokens or certificates around between zones.
Ah, ok.
> For now I'm very tempted to not sink additional time into it and leave it as https://patchwork.diac24.net -- is there a real demand/need to have https://patchwork.quagga.net too?
I don't know! I guess HTTPS-by-default is better, if easy to do, but probably not important enough for this.
There apparently is a way to do the LetsEncrypt validation via DNS records, but I don't know if ACME clients support that (the ACME client I use does not). If that was a fairly static key to set up and your client worked with that, could try that.
Whatever you think.

regards,
--
Paul Jakma | [email protected] | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
Father Jack Hackett: I love my brick!
_______________________________________________
Quagga-dev mailing list
[email protected]
https://lists.quagga.net/mailman/listinfo/quagga-dev
