Using letsencrypt certificates with a Taskwarrior server

Sun 23 July 2017 in Administration. Tags: taskwarrior, letsencrypt. By mrwonko.

Back in May a colleague recommended Taskwarrior to me for task management. And while tools don't matter nearly as much as the way you use them (i.e. your psychology), I think Taskwarrior encourages a bunch of useful habits like regularly reviewing outstanding tasks, grouping them into projects and tagging them for easy filtering.

To get the most out of task management software you need to be able to quickly take a note anywhere, and that means having it on all your devices and syncing the tasks between them. This requires setting up your own Taskserver, which I actually prefer to cloud services because I maintain control of my data and know the service won't be shutdown unexpectedly.

There's a pretty good guide on setting up a Taskserver, but it involves self-signing certificates for your server. I have a proper letsencrypt certificate, so naturally I wanted to use that instead. It took me some tinkering, but I managed to make it work.

Taskwarrior uses TLS x509 Authentication to verify it's talking to the correct host. That essentially means there's a public/private key pair used for encryption and a certificate signed by a trusted authority verifying that this is the correct server for the domain. This mechanism is used to verify both the server's and the client's identity.

Here's an explanation of the server settings:

And these are the relevant client settings:

And that's all that's necessary to securely encrypt and authenticate communication between Taskwarrior and a Taskserver. Hooray!

So in the end nothing really special was necessary, it was primarily a matter of understanding what exactly all the settings do and that most places that say "cert" or "ca" (singular) actually accept files containing lists/chains, which mostly involved diving through the taskd source code and the gnutls documentation.

Next step: writing a Windows Phone client!


Remember to restart your taskd server when your certificate changes, or sync will fail once it expires!


Failed to load comments! {{ error }}

No comments.

Write a comment

Failed to submit comment! {{ error }}
Comment submitted!
Simple HTML tags are allowed.