[fpc-devel] Let's Encrypt cert and mantis.freepascal.org

silvioprog silvioprog at gmail.com
Wed May 3 01:30:39 CEST 2017

On Tue, May 2, 2017 at 6:59 PM, Michael Van Canneyt <michael at freepascal.org>

> On Tue, 2 May 2017, Tomas Hajny wrote:
>> On Tue, May 2, 2017 19:20, Michael Van Canneyt wrote:
>>> On Tue, 2 May 2017, Dimitrios Chr. Ioannidis via fpc-devel wrote:
>> Hi Michael,
Hello dudes,

>   is it possible to add the domain mantis.freepascal.org in the let's
>>>> encrypt cert or change the subversion bugtrack:url property from
>>>> mantis.freepascal.org to bugs.freepascal.org ?
>>> Changed the bugtraq:url. Revision 36062.
>> That's probably good as the fastest / short-term solution, but as long as
>> both DNS records are valid and point to the same IP address (and http
>> access to both is redirected to the https version), the certificate should
>> cover both domain names as well.
> That mayb be so, but I have no idea how to do this.

Which client was used in the challenge, certbot? It allows to specify many
domains (however, I'm using acme-client today, but some time ago I used
certbot and got success with sub-domains too, eg: www.mydomain.com,
smtp.mydomain.com, docs.mydomain.com etc.).

As far as I know, lets encrypt does not support wildcard certificates.
> Michael.

I have some knowledge about this issue and I would be glad to help on that.

I've replaced certbot with acme-client because it have just some KBs
against many MB of certbot and its dependencies. Acme-client was written in
C, and its dependencies are just libbsd and libressl.

I did some changes in my copy to make it working in my Ubuntu Server
16.04, and I created a cron job that checks twice a day (time recommended
by certbot/acme-client team) if the certificate is still valid.

Silvio Cl├ęcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-devel/attachments/20170502/eb6245bb/attachment.html>

More information about the fpc-devel mailing list