TLS storage plugin type for sharing certs

Btw I also want one server to be able to proxy requests to Let's Encrypt or serve certs from cache. This is so that multiple instances of CoreDNS (or whatever) only request one cert and share that among themselves.

This is a discussion for another topic, but this involves a TLS Storage plugin type, which is something that will be coming soon.

Yes, I’m not too familiar with the impl. of the Storage plugin, but I saw bits from the discussion. I’m not sure the approach sketched out there will work, especially:

  1. usable over the internet
  2. authentication
  3. encryption of the transport

I’m exploring what I need in this repo/text: https://github.com/miekg/rfc/blob/master/rfc-2.md.txt
(pondering if I like or dislike this RFC approach)

If it helps, TLS storage plugins must implement this interface: https://github.com/mholt/caddy/blob/c0ce2b1d50b7ed78199776ea791a999500d3e863/caddytls/storage.go#L31

Although I hope that we don’t have to add more methods to this once we are finished; I already have to add methods to handle cached OCSP staples.
