- Status Closed
- Percent Complete
- Task Type Security Issue
- Category Any
- Assigned To Emulatorman
- Operating System All
- Severity High
- Priority High
- Reported Version Any
- Due in Version Starfix
- Due Date Undecided
- Votes
- Private
Opened by belette - 18/10/2018
Last edited by Emulatorman - 04/02/2019
FS#1229 - [certbot] version 0.23 is not giving the option to keep privkey during renew
Description:
A common use case is to have a reverse proxy managing the certificates from Let’s Encrypt.
If a backend server (behind the reverse proxy) needs to use SSL certificates, this requires using certbot on the reverse proxy, generating the certificate and moving the private key from the reverse proxy to the backend server.
There is another way: sharing an NFS drive between servers, but this breaks all the security best practices!
Today the “best” way is to SCP the private keys from the reverse proxy to the backend server. This is not the best way, and it needs to be repeated every 3 months before the Let’s Encrypt certificate expires; moving the private key is not a best practice either.
Version 0.24 brings a new function --reuse-key to reuse the same private key to renew the certificate, so this private key can stay on the backend server and there is no need to copy the new private key from the reverse proxy to the backend server, because it was not changed during the renewal.
04.02.2019 10:48
Reason for closing: Fixed
Additional comments about closing:
certbot has been upgraded to 0.28.0 → https://git.hyperbola.info:50100/packages/community.git/commit/?id=3006ad5df28cba326aac706773c57e89c750765e
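
A check the backend server could run before installing a renewed certificate delivered from the reverse proxy: it confirms that the certificate's public key still matches the private key that stayed on the backend, which is what --reuse-key is meant to guarantee. This is an added example, not part of the original report or of certbot; the function names, file names and the self-signed certificates standing in for Let's Encrypt certificates are constructed for illustration.

```bash
#!/bin/sh
# Added example: confirm a renewed certificate still matches the private key
# that never left the backend. All names and sample files are constructed.

# Print the SHA-256 of the PEM public key found in a certificate or a key.
spki_sha256() {  # $1 = cert|key, $2 = PEM file
  if [ "$1" = cert ]; then
    pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  else
    pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  fi
  [ -n "$pub" ] || return 1   # fail closed on empty output
  printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = certificate belongs to this key, 1 = different key, 2 = unreadable input.
cert_matches_key() {  # $1 = renewed certificate, $2 = resident private key
  c=$(spki_sha256 cert "$1") || return 2
  k=$(spki_sha256 key "$2") || return 2
  [ "$c" = "$k" ]
}

# Constructed sample data: self-signed certificates stand in for the ones the
# reverse proxy would obtain from the CA.
make_samples() {  # $1 = output directory
  openssl genrsa -out "$1/backend.key" 2048 2>/dev/null
  openssl genrsa -out "$1/fresh.key" 2048 2>/dev/null
  # Renewal with the key reused: same key pair, new certificate.
  openssl req -x509 -new -key "$1/backend.key" -subj "/CN=backend.example" \
    -days 90 -out "$1/reused.pem" 2>/dev/null
  # Renewal with a freshly generated key.
  openssl req -x509 -new -key "$1/fresh.key" -subj "/CN=backend.example" \
    -days 90 -out "$1/rotated.pem" 2>/dev/null
}

DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
make_samples "$DEMO"
for cert in reused.pem rotated.pem; do
  if cert_matches_key "$DEMO/$cert" "$DEMO/backend.key"; then
    echo "$cert: matches resident key, safe to install"
  else
    echo "$cert: does not match resident key, do not install"
  fi
done
```

With this check in place only the certificate, which is public, has to travel from the reverse proxy to the backend at each renewal.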