
9 Jul
2018
7:42 a.m.
Hello,

A few comments from a novice:

* Internal "stuff" (CA & certificates used to secure traffic between engine and hosts) should stay internal; users/admin shouldn't be aware of this.
* Visible "stuff" (CA & certs used to protect UI and API) should be easily modifiable.

One way of fulfilling those "requirements":

** One set of key/cert files shared between "all" public endpoints (API, UI, WebSockets, ImageIo...)
** Easily replaceable (e.g. known file location and a matter of reloading services after having updated the files)

IMHO, Let's Encrypt-specific stuff is not needed: we could write a "plugin" for acme.sh (running on another bastion host) responsible for pushing the renewed certs to the engine VM when needed.