alecmuffett/eotk

Generate a new certificate when a host is added to a project

qbi opened this issue · 3 comments

qbi commented

Recently I wanted to add a domain to an already existing project. I did:

  1. eotk genkey
  2. Entered the output from above to oldproject.conf. A line like hardmap secrets.d/OUTPUT domainname.
  3. Issued eotk config oldproject.conf
  4. eotk restart oldproject

I was able to use the onion service, but got a warning about the certificate. The certificate just used the old onion service name, but not the newly created ones.

I'd have expected that running config also creates a new certificate. Could this be changed or is it intentional?

Ooh, that's a good idea. I will have to think about how to do it in the least annoying way.

I think you are right that config should make new certificates, but only upon significant change.

the current mechanism exists to minimise the amount of time spent playing certificate whackamole

needs revisiting