Open Israel-Laguan opened 2 years ago
I found this amazing tutorial
Key things to consider:
Some follow-up to say a true Zero Trust should be using real keys instead of Let's Encrypt
https://smallstep.com/blog/automate-docker-ssl-tls-certificates/
Other refs:
Would try to reproduce the certbot solution to leave server agnostic of SSL/HTTPS stuff
I was thinking this is "infrastructure" and should be dependent on certain tools/packages/state-of-the-art. Maybe it is not worth pursuing.
I'd like to enable a fully automated LetsEncrypt workflow for users who do not want to manage their own keys.
With that said, for this to work I want either a fully in-binary LetsEncrypt client - or perhaps to download one. After some searching, I quickly bumped into acme-client, and while it looks great it's also a bit stagnant. I'm concerned that if I implement this flow, I'll have to fork it and manage it myself if it becomes abandoned.
Another option I thought about is finding a no-dependency binary client and having my binary download an external asset if the user wishes to sign up for LetsEncrypt.
Because I'm not familiar with LetsEncrypt, might there be something obvious I'm missing? Using acme-client is what I'm leaning towards using, with the assumption that I'll have to fork it if it is indeed abandoned. Any opinions on how you might manage this would be greatly appreciated. Thanks :)
References:
Thread in reddit: https://www.reddit.com/r/rust/comments/diehvj/easiest_way_to_embed_letsencrypt_functionality/
Using acme-lib: https://github.com/algesten/acme-lib/pull/54/files