alecmuffett / eotk

Enterprise Onion Toolkit
GNU General Public License v3.0

Generate a new certificate when a host is added to a project #27

Open qbi opened 6 years ago

qbi commented 6 years ago

Recently I wanted to add a domain to an already existing project. I did:

  1. eotk genkey
  2. Entered the output from above to oldproject.conf. A line like hardmap secrets.d/OUTPUT domainname.
  3. Issued eotk config oldproject.conf
  4. eotk restart oldproject

I was able to use the onion service, but got a warning about the certificate. The certificate just used the old onion service name, but not the newly created ones.

I'd have expected that running config also creates a new certificate. Could this be changed or is it intentional?

alecmuffett commented 6 years ago

Ooh, that's a good idea. I will have to think about how to do it in the least annoying way.

I think you are right that config should make new certificates, but only upon significant change.

alecmuffett commented 6 years ago

the current mechanism exists to minimise the amount of time spent playing certificate whackamole

alecmuffett commented 5 years ago

needs revisiting