Thursday, October 13, 2022
apps@conference.yunohost.org

[07:37:47] <Guillaume Bouzige> I'm curious to hear feedback on Kresus; I was also looking at Firefly before getting started. Kresus relies on scraping and Firefly on the PSD2 APIs? Do some of you use one or the other? Does it work reliably? There are limits, I imagine, right?
[07:49:03] <tituspijean> Very satisfied with Kresus and Boursorama, and it is indeed scraping. You have to keep an eye on the connection; every 3 months, I believe, you have to re-authenticate
[08:18:13] <Guillaume Bouzige> OK, thanks for your feedback. I'm tempted by Firefly too
[15:17:36] <Yunohost Git/Infra notifications> [nextcloud_ynh] @clicit commented on issue #478 Folders shared publicly empty when connected with SSO: In my case the problem seems to come up with the SSO... Logging-in via the Yunohost Portal sets the cookie "SSOwAuthUse... https://github.com/YunoHost-Apps/nextcloud_ynh/issues/478#issuecomment-1277782432
[19:38:51] <Guillaume Bouzige> hey there, does anyone know how we can generate **one** certificate for **two** domains ?
[19:39:20] <Guillaume Bouzige> either self-signed or not
[19:39:22] <tituspijean> That's not possible yet within YunoHost. What we plan to allow is a wildcard certificate though
[19:39:36] <Guillaume Bouzige> hum I see
[19:39:42] <Guillaume Bouzige> yunohost uses certbot inside ?
[19:40:11] <tituspijean> You might do it manually though with certbot yes, but here be dragons.
[19:41:34] <Guillaume Bouzige> can I first generate my second domain with yunohost and then re-generate the certificates in a way that includes both
[19:41:41] <Guillaume Bouzige> can I first generate my second domain with yunohost and then re-generate the certificates in a way that includes both domains
[19:41:46] <Guillaume Bouzige> can I first generate my second domain with yunohost and then re-generate the certificates in a way that includes both domains ?
[19:42:21] <tituspijean> No idea.
[19:42:33] <Guillaume Bouzige> or better manage the second domain fully manually
[19:43:12] <tituspijean> I think I forgot one important question... *why?*
[19:43:42] <Guillaume Bouzige> ahaha to have a yunohost app of cryptpad that is secure enough to be updated to latest version
[19:43:59] <Guillaume Bouzige> it needs a secondary sandbox domain
[19:48:43] <tituspijean> Fair enough 😄
[19:50:54] <Guillaume Bouzige> > <@titus:pijean.ovh> You might do it manually though with certbot yes, but here be dragons.

you sure yuno uses certbot ? it seems like it is not there
[19:51:47] <tituspijean> Why not, while we try to implement it (or not) in the core :

1. Write about the need to generate the cert after install in the README (IIRC you add it directly from the install script)

2. Within the install script try an `if ! yunohost cert install the.domain.tld --no-checks`. So that if the command fails, send an email to the admin reminding them of the need to set up their DNS and install the cert
[19:52:01] <tituspijean> > you sure yuno uses certbot ? it seems like it is not there

Not sure
[19:52:43] <Guillaume Bouzige> > <@titus:pijean.ovh> Why not, while we try to implement it (or not) in the core :
>
> 1. Write about the need to generate the cert after install in the README (IIRC you add it directly from the install script)
>
> 2. Within the install script try an `if ! yunohost cert install the.domain.tld --no-checks`. So that if the command fails, send an email to the admin reminding them of the need to set up their DNS and install the cert

I would rather do that automatically at install
[19:53:58] <tituspijean> I agree, but right now it's not implemented. And Let's Encrypt would require a DNS or HTTPS challenge, both of which are not guaranteed to work since most users would need to add the records manually.
[19:54:10] <tituspijean> Not everyone uses the auto DNS thingy
[19:54:35] <Guillaume Bouzige> hum hum hum
[19:55:25] <Guillaume Bouzige> does it actually make any sense to have it as self-signed ?
[19:57:06] <Guillaume Bouzige> `from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate` looks like that uses a python library to manage certificates
[19:59:35] <tituspijean> It depends on how Cryptpad uses its sandbox domain
[19:59:55] <tituspijean> Is it purely internal, or do the users clients need to reach it?
[20:00:20] <tituspijean> My guess a self-signed one will end up in rejected connections
[20:00:32] <Guillaume Bouzige> yeah me too
[20:00:33] <tituspijean> +is
[20:00:41] <Guillaume Bouzige> with all the specific headers they need....
[20:00:48] <tituspijean> Yup :/
[20:01:04] <Guillaume Bouzige> hum hum hum
[20:02:15] <Guillaume Bouzige> it is true that the certificate generation is not straightforward as of now : add domain to yuno + modify DNS + diagnosis + generate certificate
[20:07:04] <Guillaume Bouzige> > <@titus:pijean.ovh> I agree, but right now it's not implemented. And Let's Encrypt would require a DNS or HTTPS challenge, both of which are not guaranteed to work since most users would need to add the records manually.

to be able to use the DNS challenge, considering the auto-DNS config with Gandi, will be awesome
[20:07:50] <Guillaume Bouzige> especially for install without need of 80 and 443 ports open
[20:58:34] <Guillaume Bouzige> 😎