Roadmap for 2020

[natemcmaster]

Hey all,

I'm glad to see this repository continuing to get attention and continued usage. Here are my plans for for the coming year.

• Continue to use GitHub issues as the authoritative source of truth on planning, release schedule, issues, and more.
• Accept contributions for external contributors. If you'd like to send a pull request but not sure if your idea will be accepted, open an issue first to describe your proposal.

Feature enhancements:

• DONE in #11 auto renew certificates #73 - Allow automated certificate renewals. (Auto-renew certificates when close to expiring #11) This is a number 1 feature requests and adds significantly to the value it offers. Work on this is already underway
• DONE in feature: store account information across server restarts #67 - To enable renewals, we need to persist account key information across restarts.
• DONE (docs in Update README and release notes #95) - Allow persistence of certificates to arbitrary stores. Sometime hosts go down, so it's nice to be able to backup and load certs to/from external stores.
• Finally, I hope we can make this library easier to improve by improving the code quality and code coverage.

Update May 2020 -- as the major features I had planned for 2020 are completed, I will be used GitHub features and 👍 votes to determine what is important to address next. At the moment, it seems #1 is next up.

Thanks for all your help and contributions!
Nate

[webprofusion-chrisc]

Hi, random drop in - I develop https://certifytheweb.com which is a windows (GUI) based ACME certificate management system (now about 4 yrs old). It focuses on renewal automation and I'm planning to add an API for centralised cert renewal - i.e. clients (such as yours) can request the latest cert if they are authorized to by the administrator either via the ACME api or an http api call to the server. The service takes care of exotic things like DNS validation, API credential management, access control etc and also provides push deployment to external stores.

So my point is, it would be nice to be able to fetch and use the latest cert from an arbitrary ACME CA or from a given http API endpoint (together with an Authorization: Bearer JWT token). This also has an advantage for large deployments to avoid lots of LE cert requests for the same domain when new app versions are deployed.

[natemcmaster]

Supporting an arbitrary ACME CA server should be easy to add. Can you open a new issue using https://github.com/natemcmaster/LetsEncrypt/issues/new?template=Feature_request.md to request these features?

[andrewjsaid]

Haven't tried combining the two but would be great to make sure that this library works well with YARP out of the box with as little friction as possible, so that when YARP is officially released LettuceEncrypt could gain lots of exposure.

[natemcmaster]

I haven't looked into what it would take to integrate YARP, but I'm open to adding integration. Can you open a new issue using https://github.com/natemcmaster/LetsEncrypt/issues/new?template=Feature_request.md and describe what it would take to integrate with YARP?

[Tratcher]

@natemcmaster the existing Kestrel integration should work with YARP today. The biggest question in my mind is what happens in YARPs pre-built exe scenario (not started yet).

microsoft/reverse-proxy#110

[webprofusion-chrisc]

@Tratcher the convention for pre-built exe's (nginx, apache etc) performing reverse proxy duties is that they pickup up their certs from config (i.e. point to a file) and as discussed elsewhere certs can come from any number of sources. A nice extension of that would be if YARP could fetch a cert from a url (and possibly present an auth token), but auth that requires a handshake is more difficult and I think you'd need to get into the territory of dynamic plugins for middleware.

[Tratcher]

Or if the pre-built exe embedded one of these libraries and allowed you to enable it via config. We don't want to go the route of dynamic plugins, that's why we're providing library and template alternatives for customization.