Help test a web server with Let's Encrypt built in


#21

but that bears one problem: you don't know the consequences of disobeying an EULA/TOS you don't even know…


#22

by the way, do you have the private address spaces (10.x.y.z, 172.(16-32).x.y and 192.168.x.y) in the list of LE exceptions?


#23

It should be enough to let LE check that, but you could use self-signed certificate instead of errors if you’re on localhost for example.


#24

You’re right. I’m currently dealing with this by requiring the ToS URL to be passed in my client, see README. I think that’s the way other clients should use, too.


#25

well, I know that I can use self-signed for that, but I think the client should maybe intervene already. Well, it probably should intervene for all IPs, since LE doesn't do IPs, and if that doesn't require much extra effort (like dependencies, which that certainly doesn't), checking should also be there on the client side, since that is faster, and if the server tries to contact LE at every occasion to try to get its cert, then, well, it isn't good at best.

also, does the EULA/TOS even change? I mean, mostly they are kept at the same place, so you don't need to look for them.
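The client-side check suggested above (refuse to contact the ACME CA for IP literals, private ranges and localhost before any network request is made), as an added example in Go; this is illustration code, not Caddy's own implementation, and the function name `eligibleForACME` is made up here:

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// eligibleForACME reports whether a host should be sent to an ACME CA such as
// Let's Encrypt at all. Let's Encrypt issues certificates for DNS names only,
// so IP literals, localhost and single-label names are rejected locally; the
// reason string lets the caller fall back to a self-signed certificate instead.
// Hypothetical helper written for this thread, not Caddy's code.
func eligibleForACME(host string) (bool, string) {
	h := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(host)), ".")
	if h == "" {
		return false, "empty host"
	}
	if h == "localhost" || strings.HasSuffix(h, ".localhost") {
		return false, "localhost never gets a publicly trusted certificate"
	}
	if ip := net.ParseIP(h); ip != nil {
		// IsPrivate covers 10/8, 172.16/12, 192.168/16 and fc00::/7;
		// IsLoopback covers 127/8 and ::1.
		if ip.IsLoopback() || ip.IsPrivate() {
			return false, "private or loopback IP address"
		}
		return false, "IP address (Let's Encrypt issues for DNS names only)"
	}
	if !strings.Contains(h, ".") {
		return false, "single-label name is not publicly resolvable"
	}
	return true, "ok"
}

func main() {
	// Constructed sample hosts, as a site operator might list them in a config.
	for _, h := range []string{"example.com", "10.0.0.5", "172.20.1.9", "8.8.8.8", "localhost", "intranet"} {
		ok, why := eligibleForACME(h)
		fmt.Printf("%-12s eligible=%-5v %s\n", h, ok, why)
	}
}
```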


#26

They may change, that’s why you need the URL.


#27

but if the TOS changes and the URL doesn't, well…
and I saw many sites keeping it, for example, at example.com/agb (for German sites, where AGB is the equivalent of TOS) or example.com/tos or similar… it would rather be helpful if the server keeps a hash of the TOS page or similar and checks that.


#28

The URL contains a version and date. https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf


#29

as long as it stays this way, fine.


#30

Just released the 4th beta: https://github.com/mholt/caddy/releases/tag/v0.8-beta.4 - it supports the latest http-01 challenge and is getting close enough that I think we’ll be ready for a full release when Let’s Encrypt is generally available.

Thank you for your feedback so far - if you haven’t tried it yet, please do! Here’s some new footage of it working in real-time:


#31

you said there's no way that Caddy on Windows can gracefully reload itself from the outside; does that mean it can reload itself from ITSELF (e.g. I [Caddy] got a cert, checked that it works -> reload with new cert)?


#32

Yes, Caddy on Windows will reload itself when it needs to, e.g. when a certificate is renewed or OCSP stapling is updated. In the next version, Caddy will have an API that will let you reload it remotely on any platform (with authentication, of course). But for now, if you need to make changes, you’ll have to restart the process yourself.


#33

well, the interesting part is, as far as I read, on Windows this involves killing and restarting itself, which doesn't really seem graceful to me. Or is there something in the plans that makes it reload without downtime?

I dunno how it's technically possible, but if the server could start a second instance and just pass over the listener, it would be great; at least it's probably less downtime than kill and restart.


#34

AFAIK on Windows it’s not possible. But this is what Caddy does on Unix systems. Even so, on Windows, we’re talking < 2s total downtime for a restart.


#35

actually not bad.

also, what are the advantages of Caddy against XAMPP aside from LE support and HTTP/2?


#36

Depends on your implementation. If the master process stays alive, it’s possible.


#37

stupid question: the 64-bit Windows file is called AMD64, so I assume it's for AMD, but I have an Intel 64-bit CPU (i3 3227U). Can you also make an Intel 64-bit version?


#38

AMD64 is another way of writing x86-64 (i.e. the 64-bit version of x86, which was initially developed by AMD, hence the name). Works just fine on any 64-bit x86 CPU.


#39

why not write just 64-bit or x64 (but I don't like the x version, since 32-bit appears after 64)?


#40

well, I don't see any PHP together with Caddy, and well, I have been using XAMPP all the time, since everything I need (webserver [Apache], PHP, MySQL and sometimes FTP) is bundled together in one nice package, which in short makes this thing seriously easy to use, since you don't need to know how to get a FastCGI server ready and other stuff, which I didn't do yet. And so I think, for the easiness of Caddy, that is one of the features of this thing; it would be epic to include PHP and MySQL as plugins.