Let's Encrypt with OpenStack bundel


Could someone help me out clear some confusion with how to use SSL certs with OpenStack bundle?
I know Vault is now used to provide certificates for other components, and I also know Let’s Encrypt only allows end-entity leaf certificates so kind of two questions, assuming we don’t have signed by public CA intermediate certificate.

  1. Is there a way using Let’s Encrypt with Vault, I’m assuming not as you need an intermediate cert for Vault so it can then issue certificates for other components. So unless you pay, the only option here is internal PKI
  2. Can you use Let’s Encrypt to provide certs for components like Keystone, Horizon via SSL ca/cert/key config options, if yes does it mean you don’t need Vault anymore or Vault is also used internally for other things.
1 Like