Comments (7)
That’s a reasonable request, but let me explain why I didn’t do that originally.
Normally you want to deploy the same code everywhere and have configuration control which endpoints the code is talking to. So in a test environment, you connect to the test login vip, but in a production environment you’d connect to the production login vip (for example.)
I don’t think this is true for this code. I think - unless you’re a developer making changes to the library itself - you always want to be connecting to the production Let’s Encrypt servers and never the staging servers, even in a test environment. This is because the library simply doesn’t work unless publicly facing DNS allows a Let’s Encrypt system (production or staging) to connect to a host on the internet. There’s no way for Let’s Encrypt (production or staging) to complete certificate issuance unless this is true. And if it’s true, there’s no reason not to simply connect to the production Let’s Encrypt instances.
Now, there is one reason I can think of why my argument above might be in error: the staging rate limits are different than the production rate limits and a test environment might break if pointed at production Let’s Encrypt. That strikes me as pretty unlikely, but let me know if that’s your concern.
On the other hand, there is an advantage to not having this be controlled by configuration; namely it’s much harder to screw up.
Let me know your thoughts. At the moment I think it's not a great idea, but I’m not totally closed minded although I’d want an explanation of a reasonable use case.
from acme-lw.
I appreciate the thoughtful reply.
A few thoughts:
- I think it isn't just for developer for
acme-lw
, but also for integrators (which is what I would classify myself), that you would want the staging environment. - The rate limiting is main concern of the two concerns - since I'm experimenting with getting this hooked up to my frontend / storage, I want to iterate and try many times - without hitting the prod rate limit.
- The other piece is that since I'm using staging, I'm able to test the whole flow without having to have amazing operation security for my private keys - since the certificates do not have a chain of trust to a root CA. To be precise, if my secret key was discovered by someone, they won't have any root-CA verified certs to go with it. I'm not certain how much this matters, but it seems like a low-cost benefit.
And to be honest, I'm new to this space, so I may misunderstand something. :)
from acme-lw.
That last point hadn't occurred to be and I agree it's a legitimate concern. I'm tied up right now but I'll make a change 'shortly'. (Probably before the weekend?)
from acme-lw.
I looked at your initial implementation suggestion. Couldn't the init call take the environment? Would anything need to switch back and forth between environments on a per AcmeClient basis?
from acme-lw.
Having init
take the choice sounds good to me.
No particular rush on my side, but will enjoy the feature when it lands. :)
from acme-lw.
Change checked in.
from acme-lw.
Thanks for the fast help! Switched to using it.
from acme-lw.
Related Issues (13)
- Failed with error: Response code of 403 contacting https://acme-v01.api.letsencrypt.org/acme/new-authz HOT 2
- Support challenge types other than http-01 HOT 3
- How to get Pem file HOT 1
- Fix openssl 3 warnings HOT 1
- Compilation fails under std=c++20 HOT 3
- URL constants seem backwards? HOT 1
- ACMEv2 support HOT 2
- nlohmann::json::parse HOT 2
- Failed with Response code of 400 ... HOT 3
- 405 malformed against staging HOT 3
- Freebsd build HOT 4
- Does not compile HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme-lw.