gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

Set dns provider via ui #20

Closed Parlendir closed 11 months ago

Parlendir commented 1 year ago

Hello. I'm aware that this suggestion would certainly involve significant development, but would it be possible to have a configuration via the interface for DNS providers rather than having to go through a configuration file?

This suggestion came about after reading this block

https://github.com/azukaar/cosmos-Server/#lets-encrypt

gregtwallace commented 1 year ago

I understand the desire to not need to edit the config file manually, that’s definitely on my to do list.

I’m not understanding the connection to Cosmos though. If you’re using Cosmos it sounds like you wouldn’t be using LeGo Certhub. I’m not familiar with that application though, so perhaps I’m mistaken.

Parlendir commented 1 year ago

Thank you for your reply. I think it's a very good feature to have in your application.

I'm not a Cosmos user, I simply cited this project as an example because the use case requested in this ticket is implemented there. I'm in favor of having a service to fulfill a function, and that's why your project is particularly interesting.

noseshimself commented 1 year ago

> I understand the desire to not need to edit the config file manually, that’s definitely on my to do list.

It's rather a case of "it's not exposed on your Docker release". You could of course accept an externally mounted config.yml, too, as well as certificate files to avoid a chicken/egg problem on the first use (you can't even change your password at that point).

gregtwallace commented 1 year ago

I've done a lot of the work to get this implemented. I'm currently on vacation but I'll finish it when I get back. You can edit the config file directly within the Docker mount.

I'll need to contemplate strategies for key/cert externally and keeping in sync with the database.

noseshimself commented 1 year ago

> I'll need to contemplate strategies for key/cert externally and keeping in sync with the database.

Why not copy from certbot and create one directory per certificate name and copy all of the versions there? If you want to be nice, offer a "purge" button, too. I don't see a good reason for keeping the blobs in the database.

I'm rather certain you will need to introduce some kind of "domain name" objects that are connected to certificate names sooner or later anyway (e.g. for specification of verification methods) and at that point things will get easier if you keep the certificates outside, especially if you need to repack them for the destination (i.e. combine private key and certificate in one file for miniserv/webmin, generate a p12 for Windows... I'd do that on the fly when it is necessary).
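The per-certificate directory and on-the-fly repacking suggested in the comment above, sketched as an added Go example that is not part of the thread and is not Cert Warden's code. The `privkeyN.pem`/`certN.pem` file names, the `Combined` function and the demo path are assumptions made for illustration; the certificate is a throwaway generated inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// selfSigned returns a throwaway certificate and key as PEM (constructed sample data).
func selfSigned(host string) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	kb, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kb})
}

// Combined builds version n's key+cert file on request and refuses mismatched pairs.
func Combined(dir string, n int) ([]byte, error) {
	keyPEM, kerr := os.ReadFile(filepath.Join(dir, fmt.Sprintf("privkey%d.pem", n)))
	certPEM, cerr := os.ReadFile(filepath.Join(dir, fmt.Sprintf("cert%d.pem", n)))
	if kerr != nil || cerr != nil {
		return nil, fmt.Errorf("version %d in %s is incomplete", n, dir)
	}
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return nil, fmt.Errorf("version %d: %w", n, err) // e.g. key does not match cert
	}
	return append(keyPEM, certPEM...), nil
}

func main() {
	// Hypothetical layout: one directory per certificate name, one file pair per version.
	dir := filepath.Join(os.TempDir(), "certstore-demo", "example.com")
	_ = os.MkdirAll(dir, 0o700) // owner-only: the directory holds private keys
	certPEM, keyPEM := selfSigned("example.com")
	_ = os.WriteFile(filepath.Join(dir, "privkey1.pem"), keyPEM, 0o600)
	_ = os.WriteFile(filepath.Join(dir, "cert1.pem"), certPEM, 0o644)
	bundle, err := Combined(dir, 1)
	fmt.Println(len(bundle) > 0, err)
}
```

Because the combined file is assembled only when requested, the private key exists on disk once per version, in an owner-only file, and a version whose key and certificate have drifted apart is rejected instead of being handed to a consumer.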

gregtwallace commented 11 months ago

The original feature request has been implemented in 0.13.1.