Comments (8)
Hi,
The ACME protocol will make sense for issuing certificates for any TLS service, but the Let's Encrypt certificate authority will have to make a policy decision about whether to issue these certificates and whether or how to support their associated validation methods.
If any CA, including the Let's Encrypt CA, agrees to issue certs for these other services through ACME, we'll need to extend the client in another direction to help system administrators take advantage of that. I think you can expect to see (and participate in) further discussions on this topic after public certificate issuance for web sites is up and running.
from certbot.
I agree that the website certs should be done first, to iron out the kinks, but in my opinion, certs for mail servers are possibly more important than web servers, as people often use email for sensitive communications.
from certbot.
There are plenty of mail servers (Outlook, Postfix, Dovecot, Citadel ...). Which one(s) will you support?
from certbot.
Since the initial Let's Encrypt CA will be focused on serving certificates for webservers, when the time comes there will be plenty of open discussions regarding policy.
from certbot.
EFF actually has another project looking at security policy mechanisms for STARTTLS in SMTP delivery.
https://github.com/EFForg/starttls-everywhere
That shouldn't affect whether the Let's Encrypt CA will eventually do certificates for non-HTTPS protocols, but it's something people who are responsible for SMTP servers may also find interesting.
from certbot.
Good to know, I hadn't seen that yet, thanks!
from certbot.
Certificates for mail servers are not materially different from those used for web servers. If you have control of port 443 on the box hosting your mail server (or any host at that DNS address), it should be straightforward to acquire a certificate through the normal means, and then use that certificate in your MTA.
The same should be true of XMPP and IMAP.
from certbot.
To answer the question more directly: Yes, absolutely one could create a client that does the automated certificate acquisition and server setup for various types of servers, provided port 443 is accessible. As part of the STARTTLS Everywhere project, I will probably write one for Postfix. For other server software, like XMPP and IMAP, we will probably leave it up to the community to do the autoconfiguration.
from certbot.