certificate creation in postinst, potentially using letsencrypt script

To: debian-devel@lists.debian.org
Subject: certificate creation in postinst, potentially using letsencrypt script
From: Daniel Pocock <daniel@pocock.pro>
Date: Sun, 02 Aug 2015 10:51:40 +0200
Message-id: <[🔎] 55BDDA1C.7040407@pocock.pro>


Does anybody prefer to see packages create certificates during postinst
or is there any preference not to try that and let people do so manually?

The Let's Encrypt CA also has a client utility, letsencrypt[1], that
could be very useful from the postinst script.

With any CA, there can sometimes be a delay between the moment when
somebody submits a CSR and when they receive their certificate, it
obviously wouldn't be desirable for postinst to be hanging on if it
takes hours or days for the CA to respond.

This also relates to the location of certificates and keys on Debian,
something I raised in another thread[2]

I've been thinking about this for some time for the SIP and XMPP
packages but obviously there are many others that could use this.



1. https://letsencrypt.org/howitworks/

2. https://lists.debian.org/debian-devel/2015/07/msg00024.html

Reply to:

Follow-Ups:
- Re: certificate creation in postinst, potentially using letsencrypt script
  - From: Paul Wise <pabs@debian.org>
- Re: certificate creation in postinst, potentially using letsencrypt script
  - From: md@Linux.IT (Marco d'Itri)

Prev by Date: Re: server certificates/key pairs and CA directories
Next by Date: Bug#794368: ITP: netty-tcnative -- Tomcat Native fork for Netty
Previous by thread: Re: server certificates/key pairs and CA directories
Next by thread: Re: certificate creation in postinst, potentially using letsencrypt script
Index(es):
- Date
- Thread