openwrt-packages

History

Leonardo Mörlein 7d17bbdc41 uacme: add use_auto_staging Staging certificates have the advantage that their retry limits are loose. Therefore they can be obtained quickly when automatic retries are used. Unfortunately they can not be used for deployments because their CA is not accepted by clients. Production certificates do not have this limitation, but their retry limits are strict. For production certificates, automatic retries can only be performed a few times per hour. This makes automatic obtainment of certificates tenacious. With use_auto_staging=1, the advantages of the two certificate types are combined. Uacme will first obtain a staging certificate. When the staging certificate is successfully obtained, uacme will switch and obtain a production certificate. Since the staging certificate has already been successfully obtained, we can ensure that the production certificate is successfully obtained in the first attempt. This means that "retries" are performed on the staging certificate and the production certificate is obtained in the first attempt. In summary, this feature enables fast obtaining of production certificates when automatic retries are used. By default, this feature is set to use_auto_staging=0, which means that uacme will behave as before by default. Signed-off-by: Leonardo Mörlein <git@irrelefant.net>	2021-04-24 01:16:57 -07:00
..
files	uacme: add use_auto_staging	2021-04-24 01:16:57 -07:00
Makefile	uacme: update to 1.7	2021-02-28 17:51:05 -08:00

Leonardo Mörlein 7d17bbdc41 uacme: add use_auto_staging

Staging certificates have the advantage that their retry limits are loose.
Therefore they can be obtained quickly when automatic retries are used.
Unfortunately they can not be used for deployments because their CA is not
accepted by clients. Production certificates do not have this limitation, but
their retry limits are strict. For production certificates, automatic retries
can only be performed a few times per hour. This makes automatic obtainment of
certificates tenacious.

With use_auto_staging=1, the advantages of the two certificate types are
combined. Uacme will first obtain a staging certificate. When the staging
certificate is successfully obtained, uacme will switch and obtain a production
certificate. Since the staging certificate has already been successfully
obtained, we can ensure that the production certificate is successfully
obtained in the first attempt. This means that "retries" are performed on the
staging certificate and the production certificate is obtained in the first
attempt.

In summary, this feature enables fast obtaining of production certificates when
automatic retries are used.

By default, this feature is set to use_auto_staging=0, which means that
uacme will behave as before by default.

Signed-off-by: Leonardo Mörlein <git@irrelefant.net>

2021-04-24 01:16:57 -07:00

files

uacme: add use_auto_staging

2021-04-24 01:16:57 -07:00

Makefile

uacme: update to 1.7

2021-02-28 17:51:05 -08:00