google / sxg-rs

A set of tools for generating signed exchanges at serve time.
Apache License 2.0

Renew certificates using ACME #17

Open twifkak opened 3 years ago

twifkak commented 3 years ago

Add configuration parameters similar to webpkgserver to support ACME renewal of a certificate. It's not necessary to support all verification methods (DNS/HTTP/ALPN); one is sufficient (whichever is automatable).

This should include some support for monitoring that the certificate is still valid. Here are some ideas:

  1. Return an HTTP error (or JS exception?) when the certificate is expired, so it can show up in Cloudflare analytics.
  2. Document some curl | openssl command the user could run as a cron job.
  3. Let the user configure a webhook URL to be pinged when the certificate is expired.

twifkak commented 2 years ago

@antiphoton added initial support in #159. Remaining work: