w2c/letsencrypt-esxi

Search for config files as well in /etc/w2c-letsencrypt, as /opt doesn't persist easily

NateTheSage opened this issue · 2 comments

So I've been playing with this for the last couple of days with a LabCA instance I set up on my local network. (Highly recommended, by the way, this tool is AWESOME!) This works out wonderfully! I can finally have a trusted cert that I can keep track of via my own ACME-style CA! It's quite literally fire and forget! I've only got one public IP on my network to play with, so this is the next best thing for me in lieu of Let's Encrypt.

My only issue with this thus far is I have to adjust the configuration in order for this to work on my net, and putting my config file and root/intermediate cert chain in /opt/w2c-letsencrypt obviously doesn't stick around past a reboot.

Would you be inclined to include searching in a directory that does persist, say, /etc/w2c-letsencrypt, for config files as well? I know it could be easy to just do this off a datastore, but I'm already redlining mine as it is, and it shouldn't be too much of a challenge to put this into a place able to be saved to the state file, just in case something happens.

I'd be happy to submit a pull request! Shouldn't take more than a few minutes at last glance to include this functionality.

Added the pull request, just a couple of variable adds.

So if I get you correctly, you'd like to generalize the tool to work with any ACME-based CA?
The main use-case of this project is to integrate nicely with Let's Encrypt and therefore it is aligned for that.

On a standard setup of ESXi the config file and cert chain survive reboots without problems, so I don't really see the need to add another config directory. During testing, I found that /etc/w2c-letsencrypt would get purged in case of ESXi upgrades, while /opt/w2c-letsencrypt remains.

Anyway, great to hear it works with your LabCA instance too with just a few modifications. Still, I'd like to keep this focused on Let's Encrypt, as it is a very individual use-case to run this with a private ACME CA.