Comment by mholt

Comment by mholt 2 days ago

AFAIK, Caddy is the only integrated ACME client that is tuned for short-lived certificates. All its own self-signed certs are already 24-hour certificates, so 6-day certs will be no problem.

yjftsjthsd-h 2 days ago

Why would that matter? Replacing the cert and sighup'ing nginx or whatever isn't functionally different from doing it in-process.

Reply View 4 replies

apitman 2 days ago

As someone who has rolled my own cert updates and used Caddy, I much prefer the Caddy way.

Reply View | 1 reply
- yjftsjthsd-h 2 days ago
  
  I'm happy to agree that caddy is easier, but the claim here is that it's "tuned for short-lived certificates", which... I guess could be true, but I seriously doubt that it's meaningful (on the basis that reloading certs isn't exactly expensive on any other major web server, so even if the most obvious interpretation is true and the made it take, say, 100 ms instead of 1000 ms, but we're talking about reloading every few days, who cares?).
  
  Reply View | 0 replies
mholt 2 days ago

Oh, my, yes it is :) (I don't have time to elaborate on this again right now, unfortunately.)

Reply View | 1 reply
- jabart 2 days ago
  
  You have a link to a previous discussion on this? I'm curious if there is some hidden thing occurring or if just connection resets are happening or something else you are aware of.
  
  Reply View | 0 replies