Hello,

A few comments from a novice...:

* Internal "stuff" (CA & certificates used to secure traffic between engine and hosts) should stay internal; users/admin shouldn't be aware of this.
* Visible "stuff" (CA & certs used to protect UI and API) should be easily modifiable.

One way of fulfilling those "requirements":

** One set of key/cert files shared between "all" public endpoints (API, UI, WebSockets, ImageIO, ...)
** Easily replaceable (e.g. known file location and a matter of reloading services after having updated the files)

IMHO, Let's Encrypt specific stuff is not needed: we could write a "plugin" for acme.sh (running on another bastion host) responsible for pushing the renewed certs to the engine VM when needed.

_______________________________________________
Users mailing list -- users@ovirt.org
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YXGIC56CYD6NA7LME24KABIXQIKAIMRX/