OPNsense Forum » English Forums » Development and Code Review (Moderator: fabian) » Let's Encrypt support
Topic: Let's Encrypt support (Read 11086 times)
Oebele Drijfhout (Newbie, Posts: 7, Karma: 1)
Let's Encrypt support « on: October 21, 2015, 09:32:38 pm »
Are there plans to support Let's Encrypt in the Certificate Manager, once they start signing certificates?

franco (Administrator, Hero Member, Posts: 17656, Karma: 1610)
Re: Let's Encrypt support « Reply #1 on: October 23, 2015, 08:43:34 am »
You speak of automatically using their service to sign SSL certificates?

Oebele Drijfhout (Newbie, Posts: 7, Karma: 1)
Re: Let's Encrypt support « Reply #2 on: November 08, 2015, 01:15:49 pm »
Yes, some implementation of this:
https://letsencrypt.org/howitworks/

franco (Administrator, Hero Member, Posts: 17656, Karma: 1610)
Re: Let's Encrypt support « Reply #3 on: November 08, 2015, 09:07:05 pm »
We do have a Python wrapper in FreeBSD now, py-letsencrypt, but I am a bit staggered by its complexity, although Python fits our backend service philosophy nicely. I can see this as a plugin, given that we handle backend service plugin support a bit better. I think there's a ticket here...
https://github.com/opnsense/core/issues/329
And this...
https://github.com/opnsense/plugins/issues/6
Any help on this front is greatly appreciated.

Oebele Drijfhout (Newbie, Posts: 7, Karma: 1)
Re: Let's Encrypt support « Reply #4 on: November 09, 2015, 08:31:53 pm »
Great. Unfortunately, my Python skills leave room for improvement, but I'll certainly keep an eye on this.

reep (Jr. Member, Posts: 68, Karma: 8)
Re: Let's Encrypt support « Reply #5 on: August 09, 2016, 12:33:07 pm »
I have been using a bash script called letsencrypt.sh on my Linux boxes and wrote a small plugin for them to generate the config files. The letsencrypt.sh script is a lot easier and more transportable than the full-fat official clients.
https://github.com/lukas2511/letsencrypt.sh
It probably wouldn't take much to use that (and I believe it is BSD compatible). You just need to write a simple plain text config file and domains.txt file and add a cronjob for renewals.
You have to be able to HTTP resolve a .well-known/acme-challenge directory for a given domain.
B. Rgds
John
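
The HTTP requirement mentioned in the post above can be checked before any ACME client is run. The following is an added example, not part of the thread and not code from letsencrypt.sh or acme-tiny; the function names and the local stand-in web server are constructed for illustration.

```python
import functools
import http.server
import os
import secrets
import threading
import urllib.error
import urllib.request

CHALLENGE_PATH = ".well-known/acme-challenge"


def challenge_dir_reachable(webroot, base_url, timeout=5):
    """Write a random probe file under webroot and fetch it back via base_url."""
    challenge_dir = os.path.join(webroot, *CHALLENGE_PATH.split("/"))
    os.makedirs(challenge_dir, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    probe = os.path.join(challenge_dir, name)
    with open(probe, "wb") as fh:
        fh.write(body)
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_PATH}/{name}"
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            # Content must match exactly: a catch-all 200 page is a failure.
            return resp.status == 200 and resp.read() == body
    except (urllib.error.URLError, OSError):
        return False  # 404, redirect loop, refused connection, timeout, ...
    finally:
        os.remove(probe)  # never leave probe files in the webroot


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep demo output clean
        pass


def serve_directory(directory):
    """Constructed stand-in for the real web server, bound to 127.0.0.1."""
    handler = functools.partial(QuietHandler, directory=directory)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as webroot:
        server, url = serve_directory(webroot)
        print("reachable:", challenge_dir_reachable(webroot, url))
        server.shutdown()
```

Against a real host, pass the web server's document root and `http://<domain>` as `base_url`; a `False` result means the HTTP challenge would fail for that domain.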

franco (Administrator, Hero Member, Posts: 17656, Karma: 1610)
Re: Let's Encrypt support « Reply #6 on: August 10, 2016, 07:24:41 am »
There's another thread here:
https://forum.opnsense.org/index.php?topic=2319
bash requirement for letsencrypt.sh is a bit controversial in BSD land, some of it Shellshock, the other bit just political nonsense. Not sure what to do here...
acme-tiny seems to be nice enough and can be installed from the command line:
# pkg install acme-tiny
Docs can be found below.
https://github.com/diafygi/acme-tiny
We have no ETA for a plugin integration, short on contributor interest in the topic.
Cheers,
Franco
« Last Edit: August 10, 2016, 07:29:21 am by franco »