[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Certbot override trusted CA when using custom server

From: Moisés Simón
Subject: Certbot override trusted CA when using custom server
Date: Thu, 18 Jan 2024 12:09:01 +0000 (+00:00)

Hi guix,

I'm running my own internal Lets Encrypt server.
The problem is certbot service even if it offers to change the server it does 
not specify any option to use REQUEST_CA_BUNDLE or skip ssl verificatiin 
(--no-verify-ssl certbot option)  you can see more of the feature here:

I have my own CA installed in /etc/ssl/certs thanks to a private pkg. Still 
certbot is using urllib2 or something like that an it does not use the system 
certificTe store (Ubuntu suffers the same problem)

so the question is
how can I extend certbot in my own system config to add the --ni-verify-ssl 
option (without the need to copy all certbot.scm)?
better yet, how can I use the env variable REQUEST_CA_BUNDLE?

I will probably add a patch to specify the --no-verify-ssl but right now I 
would also like to know if I can extend a service "on the fly"

reply via email to

[Prev in Thread] Current Thread [Next in Thread]