Open bsyk opened 7 years ago
lmsurpre
commented
7 years ago The log-watching approach is the same one we took in https://github.com/ibmjstart/bluemix-letsencrypt ...just keep in mind that CF Loggregator can be lossy and so make sure to have timeout in case the line(s) you're waiting for are mysteriously missing (shouldn't be common, but we've seen it).
bsyk
commented
7 years ago What do you think about using the Python web server to handle all the comms with the service? When pushing the app, we could set a random secret so that the session is secured. Then use either a websocket or polling to check status and even download the certificates. This would also get around the DEA vs Diego issues, both can be treated the same.
The scripts should fetch the certificates for me. Watch the logs, once the certificate generation has completed, download them to the local machine and terminate the CF app (for cost saving).