This version (2017/05/27 13:44) is a draft.
Approvals: 0/1

[04:30:02] <ano> Is it possible to generate clients in other languages other than javascript for a service proxy?

[08:17:18] *** ChanServ sets mode: +o temporalfox

[09:23:53] <xkr47> temporalfox, brainstorming letsencrypt/acme configuration: https://gist.github.com/xkr47/284c5092c617779083f1ae957c7e2e6c :)

[09:24:45] <temporalfox> do you plan building a reusable component for the community ?

[09:29:39] <xkr47> I feel like it at the moment at least lol

[09:29:54] <xkr47> I don't know if I can separate the SNI support from it tho

[09:31:24] <xkr47> I mean it requires dynamic keystore reconfiguration and my SNI thing does that by using a custom CertOptions thingy (the one you looked a week ago)

[09:32:24] <xkr47> I'm using the acme4j component to communicate with letsencrypt

[09:38:03] <xkr47> it's good but blocking.. but this is pretty cold-path code so I don't know if it matters that much.. the lib has a nice api

[09:39:11] <xkr47> (it will use one worker thread for some 10-20 seconds once every few months, per hostname)

[09:40:21] <xkr47> so what my code is doing is integrate the acme4j lib with my dynamic certificate thingy to be able to create & renew certificates on the fly without downtime and without requiring service on port 80

[09:41:46] <xkr47> so you open up port 443 from the firewall, configure the certs for example with the linked json thingy, launch the server and never need to restart it again at least when it comes to letsencrypt/acme support

[09:49:37] <xkr47> my current work is available in this branch, it's just getting ready to handle a single certificate: https://github.com/NitorCreations/nitor-backend/tree/letsencrypt