Initial commit: OCA Technical packages (595 packages)

odoo-bringout-oca-server-tools-letsencrypt/letsencrypt/readme/CONFIGURE.rst

@@ -0,0 +1,24 @@
+This addons requests a certificate for the domain named in the configuration
+parameter ``web.base.url`` - if this comes back as ``localhost`` or the like,
+the module doesn't request anything.
+
+Futher self-explanatory settings are in Settings -> General Settings. There you
+can add further domains to the CSR, add a custom script that updates your DNS
+and add a script that will be used to reload your web server (if needed).
+The number of domains that can be added to a certificate is
+`capped at 100 <https://letsencrypt.org/docs/rate-limits/>`_. A wildcard
+certificate can be used to avoid that limit.
+
+Note that all those domains must be publicly reachable on port 80 via HTTP, and
+they must have an entry for ``.well-known/acme-challenge`` pointing to
+``$datadir/letsencrypt/acme-challenge`` of your odoo instance.
+
+Since DNS changes can take some time to propagate, when we respond to a DNS challenge
+and the server tries to check our response, it might fail (and probably will).
+The solution to this is documented in https://tools.ietf.org/html/rfc8555#section-8.2
+and basically is a ``Retry-After`` header under which we can instruct the server to
+retry the challenge.
+At the time these lines were written, Boulder had not implemented this functionality.
+This prompted us to use ``letsencrypt.backoff`` configuration parameter, which is the
+amount of minutes this module will try poll the server to retry validating the answer
+to our challenge, specifically it is the ``deadline`` parameter of ``poll_and_finalize``.