Does this package actually acquire and renew certs?

Question

Does this package actually acquire and renew certs?

Opened this issue 9 months ago · 11 comments

As per the title or do you need to manage that separately?

Answer 1 · 2023-12-08T05:58:48.000Z

When invoking LetsEncrypt.startSecureServer with requestCertificate: true and checkCertificate: true, it triggers the acquisition of a new certificate if absent or expired. Refer to the documentation for more details. It's important to note that this process occurs solely during the server's startup.

(Indeed, there is a need for updating the documentation.)

Best regards.

Answer 2 · 2023-12-08T06:26:04.000Z

So is there some path that would allow preemptive renewal. I generally renew 10 days before. It would be nice to use something like the dart Cron package to do regular checks.

…

On Fri, 8 Dec 2023, 4:58 pm Graciliano Monteiro Passos, < ***@***.***> wrote: When invoking LetsEncrypt.startSecureServer with requestCertificate: true and checkCertificate: true, it triggers the acquisition of a new certificate if absent or expired. Refer to the documentation <https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/startSecureServer.html> for more details. It's important to note that this process occurs solely during the server's startup. — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG32OFETP2HYOCPB56L2C3YIKUCFAVCNFSM6AAAAABAMEKHGOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBWGU4DSMZUGY> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 3 · 2023-12-08T07:01:55.000Z

You can call:

https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/checkCertificate.html

... with requestCertificate : true

And if it returns okRefreshed, you need to close the Server socket and re-open it.

Answer 4 · 2023-12-08T07:04:30.000Z

Also see:

https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/minCertificateValidityTime.html

Answer 5 · 2023-12-08T07:09:56.000Z

I will have a look at it. Thanks and thanks for the package.

…

On Fri, 8 Dec 2023, 6:02 pm Graciliano Monteiro Passos, < ***@***.***> wrote: You can call: https://pub.dev/documentation/shelf_letsencrypt/latest/shelf_letsencrypt/LetsEncrypt/checkCertificate.html And if it okRefreshed, you need to close the Server socket and re-open it. — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG32OBVOKQORKJZDNV5DXTYIK3O3AVCNFSM6AAAAABAMEKHGOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBWGY2TONRQGM> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 6 · 2023-12-08T08:26:17.000Z

Please, let me know if it works well.

Any contributions in the form of documentation or examples would be greatly appreciated.

Best regards

Answer 7 · 2023-12-08T08:30:04.000Z

...

https://onepub.dev 👍

Answer 8 · 2023-12-08T09:04:40.000Z

I'm not in love with a map of domains and emails being passed to startSecureServer. I'm having to dig into the example to work out what is meant to be passed. I assume its a map of domain names as the key to domainemails as the value. A list that takes a small class would make this more obvious and less error prone. I would be happy to offer up a PR with a change if its something that you would consider.

…

On Fri, Dec 8, 2023 at 7:30 PM Graciliano Monteiro Passos < ***@***.***> wrote: ... https://onepub.dev 👍 — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG32ODBWKKF4C4UI3KLCO3YILFZPAVCNFSM6AAAAABAMEKHGOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBWG43DEMJQG4> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 9 · 2023-12-08T09:09:32.000Z

I will be happy to review a PR. Just make it backward compatible.

Maybe startSecureServer (with the current parameters) should call your new function, with a better definition.

Answer 10 · 2023-12-08T11:48:41.000Z

Missed the compatibility statement, will add another entry point.

…

On Fri, 8 Dec 2023, 8:09 pm Graciliano Monteiro Passos, < ***@***.***> wrote: I will be happy to review a PR. Just make it backward compatible. Maybe startSecureServer (with the current parameters) should call your new function, with a better definition. — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG32OAX6MIMQMKKKHCIKWTYILKNNAVCNFSM6AAAAABAMEKHGOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNBWHAZDAMRTGQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

Answer 11 · 2023-12-15T22:55:55.000Z

For the moment I will leave this link here.

The handyman project demonstrates certificate renewal use a task scheduler that checks every hour if a cert needs to be renewed - renews the cert - and restarts the service with the new cert.