Generate a new certificate when a host is added to a project
qbi opened this issue · 3 comments
qbi commented
Recently I wanted to add a domain to a already existing project. I did:
eotk genkey
- Entered the output from above to
oldproject.conf
. A line likehardmap secrets.d/OUTPUT domainname
. - Issued
eotk config oldproject.conf
eotk restart oldproject
I was able to use the onion servie, but got a warning about the certifificate. The certificate just used the old onion service name, but not the newly created ones.
I'd have expected that running config
also creates a new certificate. Could this be changed or is it intentional?
alecmuffett commented
Ooh, that's a good idea. I will have to think about how to do it in the least annoying way.
I think you are right that config should make new certificates, but only upon significant change.
alecmuffett commented
the current mechanism exists to minimise the amount of time spent playing certificate whackamole
alecmuffett commented
needs revisiting