Skip to content
This repository has been archived by the owner on Jun 5, 2024. It is now read-only.

Support for Let's Encrypt #105

Open
acerspyro opened this issue Aug 27, 2022 · 3 comments
Open

Support for Let's Encrypt #105

acerspyro opened this issue Aug 27, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@acerspyro
Copy link

Is Let's Encrypt support a possibility?

IPA doesn't seem to work here.

image

Cheers!
@skobyda
Copy link
Collaborator

skobyda commented Sep 1, 2022
edited
Loading

I believe it could be possible. Although it would require a lot of work to integrate a different set of APIs all throughout the project. So certainly this is a big scope request.
We have basically all of the APIs endpoints which we use listed in wrappers in here: https://github.com/cockpit-project/cockpit-certificates/blob/master/src/dbus.js
So I would start by writing similar wrappers, which however would call certbot instead of certmonger, and probably thru CLI since it seems certbot doesn't have dbus APIs.
But otherwise, the certbot is quite similar to certmonger with its CLI options:
"certbot run" (request), "certbot renew", "certbot revoke", "certbot delete"....

I don't see anything blocking this feature, it's certainly possible, but quite a big scope.

@MrGrymReaper
Copy link

I believe it could be possible. Although it would require a lot of work to integrate a different set of APIs all throughout the project. So certainly this is a big scope request. We have basically all of the APIs endpoints which we use listed in wrappers in here: https://github.com/cockpit-project/cockpit-certificates/blob/master/src/dbus.js So I would start by writing similar wrappers, which however would call certbot instead of certmonger, and probably thru CLI since it seems certbot doesn't have dbus APIs. But otherwise, the certbot is quite similar to certmonger with its CLI options: "certbot run" (request), "certbot renew", "certbot revoke", "certbot delete"....

I don't see anything blocking this feature, it's certainly possible, but quite a big scope.

Actually FreeIPA has fairly recently gained the capacity to utilise the "ACME" protocol. It's this protocol which Let's Encrypt and several other Certificate Authorities (CA) utilise for certificate activities.

@jtmusselman
Copy link

Actually FreeIPA has fairly recently gained the capacity to utilise the "ACME" protocol. It's this protocol which Let's Encrypt and several other Certificate Authorities (CA) utilise for certificate activities.

What work would it take to implement this @MrGrymReaper @skobyda?

@martinpitt martinpitt added the enhancement New feature or request label May 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@martinpitt @acerspyro @MrGrymReaper @skobyda @jtmusselman