Use ACME certs everywhere #140
Reference: Drift/issues#140
We recently discovered that using ACME certs isn't such a big deal for our internet landlords as we previously thought. Let's switch everything out for nixos acme and/or certbot, so we don't need to deal with any more manual certificate requests and installation.
Have we been in any correspondence, or do we simply interpret silence as a good thing?
@felixalb
This is based on the fact that several departments at NTNU, including the IT department, officially use LetsEncrypt in several places, with no current plans of changing that. If they can do it, and we haven't been told anything else, we can do it.
However, against the wording of the OP, the ACME protocol has never been the problem; the problem is that we have been told that the security department have considered enforcing CAA records on the .ntnu.no. domain only allowing GEANT / Sectigo to sign certs for the domain, but not LE.
If this were to happen in the future, we could consider one of the following: