
ryangibb | 4 months ago

Author of Eon here. There are still some open questions I have about managing the lifetimes of these certificates. Renewal is supported via a Cap'n Proto callback, and there's some ad-hoc integration with NixOS nginx to restart it on a certificate renewal. https://github.com/RyanGibb/eon/blob/3a3f5bae2b308b677edfb3f...

This doesn't work in the general case, e.g. for postfix and dovecot, and is only becoming more pertinent with short-lived certificates. It would be great if the service manager could use these capabilities directly. I think GNU Shepherd's integration with Guile Goblins and OCapN is a step in the right direction here: https://spritely.institute/news/spritely-nlnet-grants-decemb...

I've written a little more about this here: https://ryan.freumh.org/eilean.html
