mxsasha
commented
6 months ago I think it's nice to allow it in any non-production setting. Enabling it for too many situations may also lead to expiry warning fatigue?
Open bwbroersma opened 6 months ago
mxsasha
commented
6 months ago I think it's nice to allow it in any non-production setting. Enabling it for too many situations may also lead to expiry warning fatigue?
bwbroersma
commented
6 months ago Decided it's just a documentation issue + update our own production env configuration.
One could easily setup Let's Encrypt (LE) without providing
LETSENCRYPT_EMAIL, which would result in running certbot with--register-unsafely-without-email: https://github.com/internetstandards/Internet.nl/blob/86b39d62f89a916823792852d8040fb84f4c60a8/docker/webserver/certbot.sh#L11-L15The result is that no expiration emails would be send by LE. I think this should not be a preferred option for production stuff, but maybe this is preferred for testing/etc., but then it should have this check in it too?