You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 25, 2026. It is now read-only.
Looking back at how we made this work, it seems that the client creates a self-signed cert whose hash determines its URL under .box.knilxof.org, but then it serves the LetsEncrypt cert, which will have a different hash altogether. It would be better if we use the hash of the actual LetsEncrypt cert, but the client already needs to edit DNS when only a csr exists, so not sure if/how we can extract the public key hash from the csr. Will have a look at which files letsencrypt.sh produces.
Looking back at how we made this work, it seems that the client creates a self-signed cert whose hash determines its URL under
.box.knilxof.org, but then it serves the LetsEncrypt cert, which will have a different hash altogether. It would be better if we use the hash of the actual LetsEncrypt cert, but the client already needs to edit DNS when only a csr exists, so not sure if/how we can extract the public key hash from the csr. Will have a look at which filesletsencrypt.shproduces.