tlhackque
commented
1 year ago Also note that each time https is enabled, the NTP2xx creates a new ACME (Let's Encrypt) account each time, which is somewhat anti-social. It should retain and re-use the account until/unless told to forget it.
Rotating TSIG keys is good hygiene.
Currently, the NTP2xx support assumes that a TSIG is permanent; one has to shut off https and start over to supply an updated one.
An SCP endpoint that allowed a replacement TSIG key to be delivered would be consistent with manual cert delivery.
It should not be necessary to manually tell the NTP2xx to take the new key. TSIG rotation is automated, scripting a command is non-trivial. There is no security issue: scp is protected by its authentication, and in any case the worst that could happen is that an invalid key would prevent cert renewal. But see the next issue...
Note that a new TSIG key does NOT imply a new cert request. Just that whenever the next renewal happens, the new key should be used.