Make openSUSE the first distribution to support LetsEncrypt/ACME natively, in order to provide easy TLS encryption for all services. openSUSE users should be able to

  1. Request certificates for associated host names and keep them up-to-date.
  2. Use these certificate to configure their services (e.g. web, mail, etc).

Proposed Actions

  1. Evaluate yast2-certificate-management for fitness. Decide on whether to extend it or write a new module.
  2. Make use of an existing ACME client. Evaluate e.g. certbot, acmetool, dehydrated for fitness. YaST modules should not provide new functionality, only integration
  3. Extend yast2-http-server, yast2-mail, etc accordingly

Call for collaborators

Knowledge of either Ruby, YaST-Internals and ACME/TLS/X509 is useful, but not strictly necessary. I will give an introduction on the TLS related topics on Tuesday. It would be nice to have a YaST expert on the team.

Stretch Goals

Validation

A default setup should achieve an A/A+ rating on ssllabs.com

Further Readings

Related

Fate #320148.

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 15

Activity

  • about 7 years ago: cschum liked this project.
  • about 7 years ago: blarson liked this project.
  • about 7 years ago: fcrozat liked this project.
  • about 7 years ago: hennevogel liked this project.
  • about 7 years ago: lnussel liked this project.
  • about 7 years ago: kfreitag joined this project.
  • about 7 years ago: TBro liked this project.
  • about 7 years ago: dmacvicar liked this project.
  • about 7 years ago: dmolkentin started this project.
  • about 7 years ago: dmolkentin originated this project.

  • Comments

    • dmolkentin
      about 7 years ago by dmolkentin | Reply

      Here is the post mortem writeup, including a screenshot and status.

    Similar Projects

    This project is one of its kind!