gmpassos / shelf_letsencrypt

Let's Encrypt support for the shelf package (free and automatic HTTPS certificate support).
Apache License 2.0

Does this package actually acquire and renew certs? #5

Open bsutton opened 9 months ago

bsutton commented 9 months ago

As per the title or do you need to manage that separately?

gmpassos commented 9 months ago

When invoking LetsEncrypt.startSecureServer with requestCertificate: true and checkCertificate: true, it triggers the acquisition of a new certificate if absent or expired. Refer to the documentation for more details. It's important to note that this process occurs solely during the server's startup.

(Indeed, there is a need for updating the documentation.)

Best regards.

bsutton commented 9 months ago

So is there some path that would allow preemptive renewal?

I generally renew 10 days before.

It would be nice to use something like the Dart Cron package to do regular checks.

On Fri, 8 Dec 2023, 4:58 pm Graciliano Monteiro Passos, < @.***> wrote:

When invoking LetsEncrypt.startSecureServer with requestCertificate: true and checkCertificate: true, it triggers the acquisition of a new certificate if absent or expired. Refer to the documentation https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/startSecureServer.html for more details. It's important to note that this process occurs solely during the server's startup.


gmpassos commented 9 months ago

You can call:

https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/checkCertificate.html

... with requestCertificate: true

And if it returns okRefreshed, you need to close the Server socket and re-open it.

gmpassos commented 9 months ago

Also see:

https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/minCertificateValidityTime.html

bsutton commented 9 months ago

I will have a look at it.

Thanks and thanks for the package.

On Fri, 8 Dec 2023, 6:02 pm Graciliano Monteiro Passos, < @.***> wrote:

You can call:

https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/checkCertificate.html

And if it okRefreshed, you need to close the Server socket and re-open it.


gmpassos commented 9 months ago

Please, let me know if it works well.

Any contributions in the form of documentation or examples would be greatly appreciated.

Best regards

gmpassos commented 9 months ago

...

https://onepub.dev 👍

bsutton commented 9 months ago

I'm not in love with a map of domains and emails being passed to startSecureServer.

I'm having to dig into the example to work out what is meant to be passed.

I assume it's a map of domain names as the key to domain emails as the value.

A list that takes a small class would make this more obvious and less error prone.

I would be happy to offer up a PR with a change if it's something that you would consider.

On Fri, Dec 8, 2023 at 7:30 PM Graciliano Monteiro Passos < @.***> wrote:

...

https://onepub.dev 👍


gmpassos commented 9 months ago

I will be happy to review a PR. Just make it backward compatible.

Maybe startSecureServer (with the current parameters) should call your new function, with a better definition.

bsutton commented 9 months ago

Missed the compatibility statement, will add another entry point.

On Fri, 8 Dec 2023, 8:09 pm Graciliano Monteiro Passos, < @.***> wrote:

I will be happy to review a PR. Just make it backward compatible.

Maybe startSecureServer (with the current parameters) should call your new function, with a better definition.


bsutton commented 8 months ago

For the moment I will leave this link here.

The handyman project demonstrates certificate renewal using a task scheduler that checks every hour if a cert needs to be renewed - renews the cert - and restarts the service with the new cert.
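
The renewal pattern discussed in this thread (check periodically with requestCertificate: true, and close and re-open the server sockets when the result is okRefreshed), as an added Dart example that is not code from shelf_letsencrypt or from the handyman project. RenewingServer, CertCheck and the two callbacks are hypothetical names; the callbacks stand in for the package's checkCertificate and startSecureServer calls, so no package signature is assumed, and the demo in main uses a plain loopback listener with a constructed check result.

```dart
import 'dart:async';
import 'dart:io';

enum CertCheck { ok, refreshed, failed } // hypothetical; refreshed = okRefreshed

class RenewingServer {
  RenewingServer(this.check, this.start);
  final Future<CertCheck> Function() check; // wraps checkCertificate, requestCertificate: true
  final Future<List<HttpServer>> Function() start; // wraps startSecureServer
  List<HttpServer> _servers = const [];
  Timer? _timer;
  bool _busy = false, _retry = false;
  Future<void> run([Duration every = const Duration(hours: 1)]) async {
    _servers = await start();
    _timer = Timer.periodic(every, (_) => tick());
  }

  Future<CertCheck> tick() async {
    if (_busy) return CertCheck.ok; // never overlap a slow ACME exchange
    _busy = true;
    try {
      final status = await check();
      if (status == CertCheck.refreshed || _retry) {
        _retry = true; // stays set if start() throws, so the next tick retries
        await Future.wait(_servers.map((s) => s.close()));
        _servers = const []; // closed listeners are never closed twice
        _servers = await start();
        _retry = false;
      }
      return status;
    } catch (e) {
      stderr.writeln('certificate check or restart failed: $e');
      return CertCheck.failed;
    } finally {
      _busy = false;
    }
  }
  Future<void> stop() async {
    _timer?.cancel();
    await Future.wait(_servers.map((s) => s.close()));
  }
}

Future<void> main() async { // constructed demo: loopback listener, fake check
  final rs = RenewingServer(() async => CertCheck.refreshed,
      () async => [await HttpServer.bind(InternetAddress.loopbackIPv4, 0)]);
  await rs.run();
  print(await rs.tick());
  await rs.stop();
}
```

Between closing the old listeners and binding the new ones there is a short window in which connections are refused, so a failed restart is logged and retried on the next tick rather than left silent.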