-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option for SSL cert algorithm in DuckDNS addon #2189
Conversation
I vote for this pull request :) @ludeeus |
Co-authored-by: Joakim Sørensen <[email protected]>
The "algo" parameter does not appear to be optional as indicated in the documentation. When I updated this morning, duckdns would not start back up without defining an algo k/v. This was seen in the logs prior to defining the k/v in the configuration (token and dns names have been redacted):
|
Same as @teknomar7. |
The changes in dac5764 made the option non-optional. |
I would think you'd want to have the default value set if not specified. It lists the default value in the documentation as secp384r1, so it seems like not having a default value was the mistake here (not the incorrect documentation). Furthermore, this wasn't a major version bump, which would imply it's not a breaking change per semantic versioning, when this does break functionality without some type of human interaction. |
Well. I had the problem with the upgrade that "algo" is not optional. I don't care adding line to teh config. But I don't know what (sorry for being dummy :) ) For now, I added : |
There isn't a right or wrong answer here. I'd go with the default secp384r1, but if you have some client devices that call your https URL that stop working, see if there are any SSL handshake issues in the logs... which might mean you'd need to switch to RSA. The default secp384r1 is ECC and is supposed to improve performance over RSA from my understanding, but might not work on older devices that never got upgraded to work with that encryption type. Most people probably won't notice the difference between any of the options to be honest. |
* Add option for SSL cert algorithm in DuckDNS addon * Documentation * Apply suggestions from code review Co-authored-by: Joakim Sørensen <[email protected]> * Update CHANGELOG * Apply suggestions from code review Co-authored-by: Joakim Sørensen <[email protected]> Co-authored-by: Pascal Vizeli <[email protected]>
lets_encrypt.algo
inconfig.json
run.sh
as commandline option to dehydratedCloses #2183