> I understand the reason letsencrypt came into existence is the web. So
> most environments where acme-client currently is used probably already
> have a httpd running. But I suspect the demand for acme-client on
> non-webservers will rise and it will feel more like a kludge to
> configure, st
On Wed, 6 Dec 2017 13:54:36 +
> On 2017/12/06 14:13, Tim Kuijsten wrote:
> >But I suspect the demand for acme-client on
> > non-webservers will rise and it will feel more like a kludge to
> > configure, start and stop a webserver in those environments.
>
> Using HTTP at all
On 2017/12/06 14:13, Tim Kuijsten wrote:
>But I suspect the demand for acme-client on non-webservers
> will rise and it will feel more like a kludge to configure, start and stop a
> webserver in those environments.
Using HTTP at all for these (even if it's only running temporarily)
On Tue, Dec 05, 2017 at 01:33:23PM -0700, Theo de Raadt wrote:
>That was also the initial design with substantial priv seperation.
>It shouldn't be designed to tap another process potentially running
>with a different uid.
Not wanting to touch processes that run with different user ids, is that
> >That was also the initial design with substantial priv seperation.
> >It shouldn't be designed to tap another process potentially running
> >with a different uid.
>
> Not wanting to touch processes that run with different user ids, is that
> in order to fully eliminate any influence from the o
That was also the initial design with substantial priv seperation.
It shouldn't be designed to tap another process potentially running
with a different uid.
Not wanting to touch processes that run with different user ids, is that
in order to fully eliminate any influence from the other process/
> On 2017/12/05 12:59, Tim Kuijsten wrote:
> > I think it would be nicer if acme-client is able to start and stop httpd(8)
> > itself with the config mentioned in acme-client(5) so users on
> > non-webservers don't have to be bothered with setting up a web server
> > themselves.
>
> That feels lik
On 2017/12/05 12:59, Tim Kuijsten wrote:
> I think it would be nicer if acme-client is able to start and stop httpd(8)
> itself with the config mentioned in acme-client(5) so users on
> non-webservers don't have to be bothered with setting up a web server
> themselves.
That feels like a huge reach
Hi tech@,
(super-slightly revised mail/patch compared to the one from October 1st,
mainly indent and line-wrap [1])
I'm using acme-client(1) to handle my certificates on a bunch of
mailservers (smtps, imaps, pops) and a dedicated syslogd(8) server with
tls. My daily cron on these machines co