On 12 Jul 2016, at 15:28, Daniel Pocock daniel@pocock.pro wrote:
Hi all,
I published a blog[1] about the new Let's Encrypt free CA and how it will benefit Free RTC
Has anybody else tried the certificates with any servers for SIP, XMPP or other RTC services?
I have used it with SIP servers and ejabberd for XMPP. No problems. I would love being able to get certs following the SIP server certificate standard though, or certs with multiple subj alt names.
Has anybody looked at integrating certbot[3] or any of the other tools for automatic certificate renewal?
You don’t really want to integrate certbot, you want to integrate the ACME protocol.
The first level to check is to see if your server application can reload/restart TLS and get new certificates on the fly, without service disruption. As far as I checked both Asterisk and Kamailio can do that, which is a requirement if you need to exchange certificates every third month.
/O
Regards,
Daniel
- https://danielpocock.com/lets-encrypt-torpedoes-cost-free-rtc
- https://letsencrypt.org/
- https://certbot.eff.org/
Free-RTC mailing list Free-RTC@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/free-rtc