SpiderLabs / cve_server

Simple REST-style web service for the CVE searching
Apache License 2.0

Consider making cve_server serve HTTPS by default #19

Open claudijd opened 8 years ago

claudijd commented 8 years ago

Creating this because I noticed all the default URLs are HTTP, which could be MiTM'd.

Maybe cve_server could be adapted to support LetsEncrypt using something like this:

https://github.com/unixcharles/acme-client

By default maybe it could serve a self-signed certificate as a fall-back, but there could be a STDERR/STDOUT nag upon invocation for setting the user's specific LetsEncrypt API key.

karmatr0n commented 8 years ago

Hi @claudijd,

We already are getting the XML files over https connections. @jnahorny fixed that some days ago.

https://github.com/SpiderLabs/cve_server/pull/17/commits/a9d6b4a62c1ad0e6172d923a274ea5c9d233d857

We are gonna dig into the acme-client.

Thank you for the advice.

Cheerz Sr. Claudius
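
The fallback proposed in the opening comment, sketched as an added example that is not part of the issue thread or of cve_server's code: use a configured certificate when one is present, otherwise generate a short-lived self-signed one and nag on STDERR. The environment variable names `TLS_CERT_FILE` and `TLS_KEY_FILE` and both function names are hypothetical.

```ruby
require "openssl"

# Build a short-lived self-signed certificate and key for +host+.
def self_signed_pair(host, days: 30)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                      # value 2 means X.509 v3
  cert.serial     = OpenSSL::BN.rand(64)   # random serial, not a counter
  cert.subject    = name
  cert.issuer     = name                   # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60          # tolerate small clock skew
  cert.not_after  = Time.now + days * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{host}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Pick the TLS credentials to serve. TLS_CERT_FILE / TLS_KEY_FILE are
# hypothetical setting names, not options that cve_server defines.
def tls_credentials(env = ENV, host: "localhost", warn_io: $stderr)
  cert_path = env["TLS_CERT_FILE"]
  key_path  = env["TLS_KEY_FILE"]
  if cert_path && key_path
    cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
    key  = OpenSSL::PKey.read(File.read(key_path))
    # Fail closed on a mismatched pair instead of silently falling back.
    raise ArgumentError, "certificate and key do not match" unless cert.check_private_key(key)
    return { cert: cert, key: key, self_signed: false }
  end
  warn_io.puts "WARNING: no TLS certificate configured; serving a self-signed " \
               "certificate for #{host}. Clients cannot authenticate this server " \
               "until TLS_CERT_FILE and TLS_KEY_FILE point at a CA-issued pair."
  cert, key = self_signed_pair(host)
  { cert: cert, key: key, self_signed: true }
end

if __FILE__ == $PROGRAM_NAME
  creds = tls_credentials
  puts "subject=#{creds[:cert].subject} self_signed=#{creds[:self_signed]}"
  puts "expires=#{creds[:cert].not_after}"
end
```

The self-signed fallback encrypts the connection but does not stop an active MiTM unless clients pin the certificate, which is why the warning stays until a CA-issued pair is configured.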