Reload certificate at run time #93
Comments
Have you seen https://github.com/natemcmaster/LetsEncrypt?
Yeh - we currently plan to use that along with https://github.com/ProxyKit/ProxyKit. Just thought I'd suggest it as a core feature here.
I do think having Let's Encrypt as a core feature is valid (though perhaps not in v1). We have #110 tracking that already. @Tratcher @halter73 is the rest of this (updating the certificate, separate from Let's Encrypt) possible already with the SNI callback? I realize it's not async, but you could (today) still have a background process reloading it and swap it out, right?
Yes, the SNI callback allows you to use a new cert every time a connection starts. That's how the LetsEncrypt integration works. It's a bit manual if you want to do it yourself though. We're tracking a few related improvements:
My sense then is to close this out. We have #110 tracking native support for LE. We have the issues you listed above (which we can add to our tracking board) for improvements to SNI.
Triage: Let's close this out.
What should we add or change to make your life better?
It would be nice to ultimately have support for letsencrypt. Not sure that it makes sense to add letsencrypt support specifically, but at least some way of automatically reloading a cert when it changes?
Why is this important to you?
We currently use nginx and cert-manager in kubernetes, but would love to get rid of nginx and just use kestrel on the edge (using this project!) but we need a way to either automatically update the cert in kestrel when cert-manager grabs a new one, or even better, get rid of cert-manager and have the edge proxy manage its own certs with built in letsencrypt integration.
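The approach discussed in this thread (a background reload swapped in through Kestrel's per-connection certificate selector), sketched as an added example that is not code from the issue or from the project. It assumes a Linux container, an ASP.NET Core web project with implicit usings, and a cert-manager Secret mounted at the hypothetical path `/etc/tls`; the `ReloadingCertificate` class, port and polling interval are illustrative choices.

```csharp
// Added example: hot-swap Kestrel's TLS certificate without restarting the process.
// Assumptions: PEM files at /etc/tls (hypothetical mount), port 8443, 1-minute polling.
using System.Security.Cryptography.X509Certificates;

var store = new ReloadingCertificate("/etc/tls/tls.crt", "/etc/tls/tls.key", TimeSpan.FromMinutes(1));

var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(kestrel =>
    kestrel.ListenAnyIP(8443, listen =>
        listen.UseHttps(https =>
            // Synchronous callback run for each new TLS connection: only read a field here.
            https.ServerCertificateSelector = (_, _) => store.Current)));

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();

sealed class ReloadingCertificate
{
    private readonly string _certPath, _keyPath;
    private readonly Timer _timer;
    private X509Certificate2 _current;

    public ReloadingCertificate(string certPath, string keyPath, TimeSpan interval)
    {
        (_certPath, _keyPath) = (certPath, keyPath);
        _current = Load(); // fail fast at startup if the files are missing or invalid
        // Polling instead of FileSystemWatcher: Secret volumes are updated by symlink swap.
        _timer = new Timer(_ => Reload(), null, interval, interval);
    }

    public X509Certificate2 Current => Volatile.Read(ref _current);

    private X509Certificate2 Load() => X509Certificate2.CreateFromPemFile(_certPath, _keyPath);

    private void Reload()
    {
        try
        {
            var next = Load();
            // Ignore an unchanged or already expired certificate.
            if (next.Thumbprint == Current.Thumbprint || next.NotAfter <= DateTime.Now)
            { next.Dispose(); return; }
            // The old certificate is not disposed: in-flight handshakes may still use it.
            Volatile.Write(ref _current, next);
        }
        catch (Exception) { /* mid-rotation or malformed files: keep serving the current cert */ }
    }
}
```

Existing connections keep the certificate they negotiated with; only connections opened after the swap see the new one.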