search

cockpit-project / cockpit-certificates

(IN PROGRESS) certificate management plugin for cockpit
GNU Lesser General Public License v2.1
65 stars 13 forks source link

Support for Let's Encrypt #105

Open acerspyro opened 1 year ago

acerspyro commented 1 year ago

Is Let's Encrypt support a possibility?

IPA doesn't seem to work here.

image

Cheers!

skobyda commented 1 year ago

I believe it could be possible. Although it would require a lot of work to integrate a different set of APIs all throughout the project. So certainly this is a big scope request. We have basically all of the APIs endpoints which we use listed in wrappers in here: https://github.com/cockpit-project/cockpit-certificates/blob/master/src/dbus.js So I would start by writing similar wrappers, which however would call certbot instead of certmonger, and probably thru CLI since it seems certbot doesn't have dbus APIs. But otherwise, the certbot is quite similar to certmonger with its CLI options: "certbot run" (request), "certbot renew", "certbot revoke", "certbot delete"....

I don't see anything blocking this feature, it's certainly possible, but quite a big scope.

MrGrymReaper commented 10 months ago

I believe it could be possible. Although it would require a lot of work to integrate a different set of APIs all throughout the project. So certainly this is a big scope request. We have basically all of the APIs endpoints which we use listed in wrappers in here: https://github.com/cockpit-project/cockpit-certificates/blob/master/src/dbus.js So I would start by writing similar wrappers, which however would call certbot instead of certmonger, and probably thru CLI since it seems certbot doesn't have dbus APIs. But otherwise, the certbot is quite similar to certmonger with its CLI options: "certbot run" (request), "certbot renew", "certbot revoke", "certbot delete"....

I don't see anything blocking this feature, it's certainly possible, but quite a big scope.

Actually FreeIPA has fairly recently gained the capacity to utilise the "ACME" protocol. It's this protocol which Let's Encrypt and several other Certificate Authorities (CA) utilise for certificate activities.

jtmusselman commented 8 months ago

Actually FreeIPA has fairly recently gained the capacity to utilise the "ACME" protocol. It's this protocol which Let's Encrypt and several other Certificate Authorities (CA) utilise for certificate activities.

What work would it take to implement this @MrGrymReaper @skobyda?