Closed sonnyp closed 2 years ago
Unfortunately https://github.com/jeansaad/chalet/issues/17 is silent to the user and because of the current design it's difficult to make it explicit.
Ideally chalet would self-heal in this case but that would introduce quite a lot of complexity.
Maybe I can add a note to the README.md or create an issue that you can pin?
What do you think is best?
Self-signed certificates work fine (as in the browser will let me proceed) with these new settings:
Chromium 90 / Fedora 34
Firefox Developer Edition 89.0b15 / Fedora 34
@sonnyp, thanks for putting in the time for this. I actually steer clear of using the self-signed certificates in chalet, mostly cause they cause a headache with things like Safari.
My personal setup is Caddy + dnsmasq, with a delegation to chalet for configurable command line reverse proxy. Probably not the easiest setup, but I wonder if there is a place here where chalet can improve on.
I'm all for adding a note in the README.md for those that want to re-generate their certificates. It should be as simple as deleting the certs and it will get re-built.
Alternatively we can write an FAQ and link it in the README, cause this issue probably will happen when a self-signed certificate expires.
Edit: Created one here that you can link to https://github.com/jeansaad/chalet/wiki/Frequently-Asked-Questions#what-can-i-do-if-my-certificate-expires-or-i-have-a-certificate-problem
This PR solves a different problem than self-signed certificates expiring.
Yes, fair enough; however, the solution to regenerate the certs is the same, no?
I understand now you were talking about letting users know how to "heal" the problem.
I've added an entry in the FAQ.
@sonnyp, this has been merged and released! Thanks for the contribution!
Fixes #17
Default keySize is 1024 which is not enough nowadays. Default algorithm is sha1 which is deprecated. https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html
See https://github.com/jfromaniello/selfsigned/blob/c5ac42bdb5949bce47679221284331cab71a1e1e/README.md#options