mirror of https://github.com/perkeep/perkeep.git
c55c8602d3
Or to be more precise, golang.org/x/crypto/acme/autocert The default behaviour regarding HTTPS certificates changes as such: 1) If the high-level config does not specify a certificate, the low-level config used to be generated with a default certificate path. This is no longer the case. 2) If the low-level config does not specify a certificate, we used to generate self-signed ones at the default path. This is no longer always the case. We only do this if our hostname does not look like an FQDN, otherwise we try Let's Encrypt. 3) As a result, if the high-level config does not specify a certificate, and the hostname looks like an FQDN, it is no longer the case that we'll generate a self-signed. Let's Encrypt will be tried instead. To sum up, the new rules are: If cert/key files are specified, and found, use them. If cert/key files are specified, not found, and the default values, generate them (self-signed CA used as a cert), and use them. If cert/key files are not specified, use Let's Encrypt if we have an FQDN, otherwise generate self-signed. Regarding cert caching: On non-GCE, store the autocert cache dir in osutil.CamliConfigDir()/letsencrypt.cache On GCE, store in /tmp/camli-letsencrypt.cache Fixes #701 Fixes #859 Change-Id: Id78a9c6f113fa93e38d690033c10a749d1844ea6 |
||
|---|---|---|
| .. | ||
| appengine | ||
| camlistored | ||
| camnetdns | ||
| gae-py-blobserver | ||
| sigserver | ||
| tester | ||
| .gitignore | ||