kevgliss

I believe Let's encrypt is still new and may be missing documentation cc @castrapel

@philippkayser Can you provide your full stacktrace?

@philippkayser What do you mean by > lemur is now reachable from outside, also all necessary domains Lemur really shouldn't be accessible to the internet at large. If you meant...

It looks like cloudflare, dyn and route53 are currently support: https://github.com/Netflix/lemur/tree/c0c6ff51e2f1487f02a6f0814bdd28629345a40a/lemur/plugins/lemur_acme If you use a different DNS provider you would have to implement your provider in a similar manner.

I agree we shouldn't allow private keys to be exposed for pending certs. The way we have handled this in other places is through `creator` and `owner` roles: https://github.com/Netflix/lemur/blob/master/lemur/certificates/views.py#L448 Would...

Howdy, 1) Yes, Lemur stores private keys in the postgres database encrypted. 2) Lemur is not a CA itself, instead it relies on issuer plugins to reach out to third-party...

We use Lemur every day in production and have for the last several years. The reason I say that the cryptography plugin isn't for production use is that Lemur typically...

Hmm, you're correct that there is no way in the UI to import an intermediate. You could import them directly in the DB or perhaps create a cli function to...

I believe so.

I haven't worked on this project in a while, judging from: https://github.com/Netflix/lemur/blob/37e58574066921f50485398d195994b1b805c216/lemur/tests/test_utils.py#L8 It looks like quite a few curves are now supported. cc @hosseinsh @csine-nflx