twisted/mantissa

Mantissa support for letsencrypt

Closed this issue · 4 comments

Activating this for a particular TLS port would take care of periodically renewing the certificate, most likely using tls-sni-01 verification so that the challenges can be handled through the same port, and restarting the port with the new certificate, for a completely "hands-free" operational experience.

glyph commented

💯

glyph commented

You don't actually need to "restart" the port, because it is at least hypothetically possible to start responding to clientConnectionForTLS and serverConnectionForTLS with connection objects bound to new contexts.

I guess assuming we're using txsni for this, we just need to swap out the certificate in txsni's certificate mapping structure.

You can use the txacme le: endpoint for this (sort of, see twisted/txacme#129 and #54)
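A minimal model of the swap-without-restart idea discussed above, added here as an example rather than code from Mantissa, txsni or txacme: the SNI lookup consults a mapping that a renewal job can replace in place, and a helper decides when a certificate is due for renewal. The CertBundle placeholder and the one-third-of-lifetime renewal threshold are assumptions, not anything the thread specifies.

```python
import threading
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Optional


@dataclass(frozen=True)
class CertBundle:
    """Placeholder for a loaded cert/key pair (assumption: not a real X.509 object)."""
    hostname: str
    serial: int
    not_before: datetime
    not_after: datetime


class SNICertMap:
    """Mapping consulted by the SNI callback on every handshake.

    Lookup is exact host first, then the wildcard for the parent domain, then
    the default. A renewal job calls install() with the new bundle and the next
    handshake already serves it, so the listening port is never restarted.
    """

    def __init__(self, default: Optional[CertBundle] = None) -> None:
        self._lock = threading.Lock()
        self._certs: Dict[str, CertBundle] = {}
        self._default = default

    def install(self, name: str, bundle: CertBundle) -> None:
        # Atomic for readers: a handshake sees the old or the new bundle, never half a swap.
        with self._lock:
            self._certs[name.lower()] = bundle

    def lookup(self, server_name: Optional[str]) -> Optional[CertBundle]:
        with self._lock:
            if server_name:
                host = server_name.lower().rstrip(".")
                if host in self._certs:
                    return self._certs[host]
                if "." in host:
                    wildcard = "*." + host.split(".", 1)[1]
                    if wildcard in self._certs:
                        return self._certs[wildcard]
            return self._default


def renewal_due(bundle: CertBundle, now: datetime, fraction: float = 1 / 3) -> bool:
    """True once less than `fraction` of the lifetime remains (assumed policy: 30 days for a 90-day cert)."""
    lifetime = bundle.not_after - bundle.not_before
    return now >= bundle.not_after - lifetime * fraction
```

Let's Encrypt retired the tls-sni-01 challenge type in 2019, so the challenge side of the design in this thread would now use http-01 or dns-01; the swap-without-restart part is unaffected.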