Update the release documentation #85369
Conversation
| Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are | ||
| preserved and thus it is possible to roll back to previous versions without breaking certificate | ||
| generation. | ||
| Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le. |
There was a problem hiding this comment.
simp_le state and lego state are stored in different directories no? or at different places? So rollback should work? if that isn't the case anymore than that's a new bug.
There was a problem hiding this comment.
We dont say it's backwards compatible. We just say that rollback is an option. Those are different things
There was a problem hiding this comment.
Ah yes, if that’s what you mean for "rollback". However:
- a new account will be recreated by lego anwyay, he won’t be able to use the one created by simp_le
- lego will generate new certificates when switching from simp-le to lego the first time, because it doesn’t use the content of /var/lib/acme/your_cert to make its decision. Switching back I don’t know (that will depend on how simp-le computes if a certificate is too old)
There was a problem hiding this comment.
We mean rollback in the sense of nixos-rebuild switch --rollback. i.e. the switch to lego doesn't destroy any simp_le state so if something goes bad with upgrade, you can go back to 19.09 and figure out what went wrong
There was a problem hiding this comment.
Ok, I’ll put back the last line then
immae
force-pushed
the
fix_acme_reuse_key
branch
from
6b6d30e
to
7c5fce5
Compare
|
@GrahamcOfBorg test acme |
immae
force-pushed
the
fix_acme_reuse_key
branch
from
7c5fce5
to
7d7b6c1
Compare
|
Thanks! Maybe future work, but can we test this feature in a VM test? |
I agree. I already tried to understand how tests worked, but I’m not fully at ease with the language yet, it’s still new to me. If you think it’s necessary for this PR it may take me a bit longer to manage to write it (or someone else to write it) |
immae
force-pushed
the
fix_acme_reuse_key
branch
from
7d7b6c1
to
5eae566
Compare
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not.
immae
force-pushed
the
fix_acme_reuse_key
branch
from
5eae566
to
b3e8c0e
Compare
immae
changed the title
|
@flokli : done |
Motivation for this change
See this comment on the issue: #84633 (comment)
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)