New hook: Generate/Fetch external CSR #274

Closed
opened 2025-12-29 01:20:50 +01:00 by adam · 5 comments

Originally created by @lukas2511 on GitHub (Feb 6, 2018).

A new hook will be implemented which allows for external CSR generation or fetching. This should make it possible to use dehydrated to e.g. sign certificates for routers or similar more closed systems without handling their private keys.

adam closed this issue 2025-12-29 01:20:50 +01:00

@lukas2511 commented on GitHub (Feb 6, 2018):

The hook will be called `generate_csr`, and will have the name of the certificate as listed in domains.txt as a single parameter. Domain altnames and timestamp can be read from the environment.

All names for the certificate order will be extracted from the generated / fetched CSR, so domains.txt can basically contain a simple alias and doesn't need the correct domain-set in this case.
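Because the order's names come from the CSR rather than from domains.txt, a device-supplied CSR decides what gets requested. The following is an added example, not part of the original thread and not dehydrated's own code: a pre-signing check that lists the CSR's Subject Alternative Names with the `openssl` CLI and rejects anything outside an operator allowlist. The function names, the allowlist approach and the `example.net` hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not dehydrated code. Requires the openssl CLI.

# csr_san_entries FILE: print each SAN entry of a PEM CSR, one per line.
csr_san_entries() {
  openssl req -in "$1" -noout -text 2>/dev/null \
    | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -e 's/^[[:space:]]*//' -e '/^$/d'
}

# check_csr FILE NAME...: succeed only if the CSR carries at least one SAN,
# every SAN is a DNS name, and every DNS name is in the allowlist NAME...
check_csr() {
  csr_file="$1"; shift
  san_count=0
  san_entries="$(csr_san_entries "$csr_file")"
  while IFS= read -r san; do
    [ -n "$san" ] || continue
    san_count=$((san_count + 1))
    case "$san" in
      DNS:*) san_name="${san#DNS:}" ;;
      *) echo "rejected: non-DNS SAN '$san'" >&2; return 1 ;;
    esac
    san_ok=0
    for allowed in "$@"; do
      if [ "$san_name" = "$allowed" ]; then san_ok=1; fi
    done
    if [ "$san_ok" -ne 1 ]; then
      echo "rejected: '$san_name' not in allowlist" >&2; return 1
    fi
  done <<EOF
$san_entries
EOF
  if [ "$san_count" -eq 0 ]; then echo "rejected: no SAN found" >&2; return 1; fi
}

# make_sample_csr OUT SANS: constructed sample input (throwaway key, hypothetical names).
make_sample_csr() {
  cnf="$(mktemp)"; key="$(mktemp)"
  printf '[req]\ndistinguished_name=dn\nreq_extensions=ext\nprompt=no\n[dn]\nCN=sample\n[ext]\nsubjectAltName=%s\n' "$2" > "$cnf"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$key" -config "$cnf" -out "$1" 2>/dev/null
  rm -f "$cnf" "$key"
}

# Demo on a constructed CSR standing in for one fetched from a device.
tmp="$(mktemp -d)"
make_sample_csr "$tmp/dev.csr" "DNS:router1.example.net,DNS:router2.example.net"
check_csr "$tmp/dev.csr" router1.example.net router2.example.net && echo "CSR names accepted"
rm -rf "$tmp"
```

A CSR that carries its names only in the subject CN, with no SAN extension, is rejected by this check.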


@lukas2511 commented on GitHub (Feb 6, 2018):

Implemented in 63854b752b.


@Gnarfoz commented on GitHub (Apr 25, 2018):

The host names of these devices will still need to be publicly reachable, though, right?
Or am I missing something here. 🤔


@lukas2511 commented on GitHub (Apr 25, 2018):

@Gnarfoz at least DNS has to be resolvable from outside so you can use DNS-01, you need to verify ownership of the hostnames in some way


@Gnarfoz commented on GitHub (Apr 25, 2018):

That's what I figured. I'll have to look into DNS-based verification some more. Thanks for the quick reply (and dehydrated in general ❤️)!


Reference: starred/dehydrated#274