[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

certificate creation in postinst, potentially using letsencrypt script

Does anybody prefer to see packages create certificates during postinst
or is there any preference not to try that and let people do so manually?

The Let's Encrypt CA also has a client utility, letsencrypt[1], that
could be very useful from the postinst script.

With any CA, there can sometimes be a delay between the moment when
somebody submits a CSR and when they receive their certificate, it
obviously wouldn't be desirable for postinst to be hanging on if it
takes hours or days for the CA to respond.

This also relates to the location of certificates and keys on Debian,
something I raised in another thread[2]

I've been thinking about this for some time for the SIP and XMPP
packages but obviously there are many others that could use this.

1. https://letsencrypt.org/howitworks/

2. https://lists.debian.org/debian-devel/2015/07/msg00024.html

Reply to: