DietPi-LetsEncrypt | Add multi-domain + standalone + OCSP + Lighttpd IPv6 #4220
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
+ DietPi-LetsEncrypt | Allow running Cerbot in standalone mode when no webserver was detected, e.g. when the certificate are required for other installed web applications + DietPi-LetsEncrypt | Detect installed webservers via their systemd unit, as this is what is required to correctly start/stop/restart it + DietPi-LetsEncrypt | Allow to toggle OCSP stapling + DietPi-LetsEncrypt | Do not start/stop/restart all services in general but only those where changes have been applied + DietPi-LetsEncrypt | Abandon the log file. It basically needs to be called interactively to do inputs, the automated run can only work if inputs have been done before and basically lost its purpose as its not used anymore for certificate renewals like years ago.
+ DietPi-LetsEncrypt | Fix input boxes, remove dedicated function + DietPi-LetsEncrypt | Do not store settings before anything has been changed or applied. If Cerbot is not executed, its better to load fresh (DietPi version based) defaults on next execution rather than the probably changed previously stored defaults. + DietPi-LetsEncrypt | Use exit codes when executing non-interactively
+ DietPi-LetsEncrypt | To no show whiptail error prompt when Certbot fails, executed from menu. A "read -p" allows to review the console output and see the always printed "G_DIETPI-NOTIFY 2" error message. The whiptail, depending on terminal, can overwrite the Certbot output. Also do not try to show the exit code, as we do not store it anymore.
+ DietPi-LetsEncrypt | Disable deprecated TLS versions 1.0 and 1.1 on Lighttpd from Buster on. The Lighttpd v1.4.45, shipped with Debian Stretch, this is not possible yet. + DietPi-LetsEncrypt | Enable HTTPS for IPv6. It is added statically, which works fine as long as the kernel feature/module has not been disabled. But there are other cases where the disabled kernel feature causes issues, which is the reason we disable IPv6 only via sysctl. We can switch to dynamic IPv6 HTTPS, if we receive related reports from users, but those who manually disable the IPv6 kernel feature or blacklist the kernel module (where it is a module only) will likely know how to fix it themselves. This solves #1840.
MichaIng
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status: Ready
Commit list/description: