Open FiloSottile opened 6 years ago
This sounds like a a fun idea, although we don't use short-lived certs on badssl.com right now. Do you know of a good ACME client for nginx with minimal configuration?
There seem to be many that can work with external programs or cron jobs, but something with minimal maintenance like Caddy is probably the most practical.
That said, anything that works reliably on docker/server should be fine if we document it.
Certbot is a popular option for cronjobs, but Caddy runs perfectly in Docker, and a Caddyfile like this is all it takes, plus wiring port 80 (for the challenge) and 443 up.
le-staging.badssl.com {
tls you@example.com {
ca https://acme-staging-v02.api.letsencrypt.org/directory
}
proxy / localhost:80 {
transparent
}
}
If @christhompson can deploy it, I'm all for a PR to support this! :-D
Do you know of a good ACME client for nginx with minimal configuration?
How about acme.sh? It only needs bash and cron as I think
An endpoint with a certificate from the Fake Let's Encrypt CA would be nice to check for systems that trust it. https://letsencrypt.org/docs/staging-environment/