{"id":1785,"date":"2019-03-29T01:14:25","date_gmt":"2019-03-29T00:14:25","guid":{"rendered":"https:\/\/michauko.org\/blog\/?p=1785"},"modified":"2020-12-07T14:18:07","modified_gmt":"2020-12-07T13:18:07","slug":"lets-encrypt-sur-esxi","status":"publish","type":"post","link":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/","title":{"rendered":"Let&rsquo;s Encrypt&#8230; sur ESXi"},"content":{"rendered":"<p>Hopl\u00e0, j&rsquo;en avais marre d&rsquo;avoir des certifs auto-sign\u00e9s sur mes ESXi. Surtout depuis la mise en place de HSTS sur des domaines entiers (je vais t\u00e2cher de pondre un rapide article sur HSTS prochainement), les navigateurs hurlaient en voyant l&rsquo;interface web (en https, donc) de ESXi pr\u00e9senter des certifs auto-sign\u00e9s. Il fallait d\u00e9sactiver HSTS sur ces sites au niveau du serveur web ou le court-circuiter pour ces sites au niveau du navigateur ou trouver une autre solution&#8230;<!--more--><\/p>\n<p>J&rsquo;utilise principalement des ESXi 6.5. A voir pour des versions diff\u00e9rentes si ce que je raconte ci-dessous reste vrai. Vous me direz.<\/p>\n\n\n<h2 class=\"wp-block-heading\">Ce qu&rsquo;on trouve comme informations sur le web<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">On arrive facilement \u00e0 glaner les informations suivantes :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Les certifs auto-sign\u00e9s sont dans <code>\/etc\/vmware\/ssl\/<\/code>, fichiers rui.key et rui.crt<\/li><li>Les permissions de la clef priv\u00e9e (le .key) sont en 400 (read-only root), il faudra changer momentan\u00e9ment<\/li><li>Pour prendre en compte le changements, la plupart des gens recommandent de relancer l&rsquo;h\u00f4te (pratique pour une prod pour un si petit changement) ou de relancer *tous* les services (!) gr\u00e2ce \u00e0 <code>\/sbin\/services.sh restart<\/code>. Je trouve \u00e7a archi-bourrin. Je propose mieux ci-dessous<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Reste \u00e0 g\u00e9n\u00e9rer un certif letsencrypt et remplacer. Sauf que.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Le principal probl\u00e8me<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">J&rsquo;utilise le script <a rel=\"noreferrer noopener\" aria-label=\"dehydrated (ouverture dans un nouvel onglet)\" href=\"https:\/\/github.com\/lukas2511\/dehydrated\" target=\"_blank\">dehydrated<\/a> comme outil pour mettre \u00e0 jour mes certifs Let&rsquo;sEncrypt. Que ce soit cet outil ou un autre, le probl\u00e8me est que pour r\u00e9ussir un \u00ab\u00a0challenge\u00a0\u00bb prouvant votre propri\u00e9t\u00e9 d&rsquo;un nom de domaine, il faut pouvoir le lancer sur une machine sur laquelle on a un peu la main. Pas un ESXi car installer un \u00e9quivalent de script comme \u00e7a sur ESXi (assez brid\u00e9) me semble bien impossible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution propos\u00e9e<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">En supposant que l&rsquo;ESXi sur lequel on veut un certif ait comme nom de domaine \u00ab\u00a0monesxi.mondomaine.fr\u00a0\u00bb. Gr\u00e2ce aux certifs wildcard de Let&rsquo;s Encrypt, on va pouvoir g\u00e9n\u00e9rer un certif valable \u00ab\u00a0*.mondomaine.fr\u00a0\u00bb depuis la machine mondomaine.fr, disons un Linux normal o\u00f9 on a la main et o\u00f9 on peut faire tourner r\u00e9guli\u00e8rement un script interagissant avec let&rsquo;s encrypt.<br>Il suffit alors de recopier ce certif wildcard, par SSH, sur l&rsquo;ESXi (en prenant soin de sauvegarder ceux auto-sign\u00e9s des fois qu&rsquo;ils resservent un jour&#8230;).<br>Tout \u00e7a va pouvoir se scripter assez ais\u00e9ment \u00e0 grand coup de SSH pour recopier le r\u00e9sultat sur l&rsquo;ESXi : reg\u00e9n\u00e9ration tous les 3 mois, copie des nouveaux certifs et relance du service web de l&rsquo;ESXi.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Je passe sur la mani\u00e8re de scripter la g\u00e9n\u00e9ration d&rsquo;un wildcard letsencrypt par dehydrated. J&rsquo;utilise le \u00ab\u00a0challenge DNS\u00a0\u00bb avec un hook qui va bien pour interfacer dehydrated et l&rsquo;h\u00e9bergeur de mon DNS, un classique OVH dans le cas qui m&rsquo;int\u00e9resse. C&rsquo;est <\/em><a href=\"https:\/\/michauko.org\/blog\/letsencrypt-wildcard-dehydrated-et-challenge-dns-1746\/\"><em>d\u00e9crit dans un pr\u00e9c\u00e9dent article ici<\/em><\/a><em>.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Reste \u00e0 relancer le service web de l&rsquo;ESXi pour prendre en compte la modification. Au lieu de rebooter ou relancer tous les services (long et dangereux), en cherchant un peu on trouve un script init.d appel\u00e9 <code>\/etc\/init.d\/rhttpproxy<\/code>. En tentant sa chance avec un bon vieux \/<code>etc\/init.d\/rhttpproxy restart<\/code>, et bien hop, un reload de la page https du serveur et \u00e7a marche. Le certif pr\u00e9sent\u00e9 est celui de Let&rsquo;sEcnrypt. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Voil\u00e0, \u00e7a fait plus joli dans la barre d&rsquo;adresse. Et \u00e7a \u00e9vite une surprise si HSTS est un peu trop violent avec votre navigateur (j&rsquo;en parle m\u00eame pas si vous avez fait un \u00ab\u00a0preload\u00a0\u00bb sur hstspreload.org et que vous constatez apr\u00e8s coup que ESXi n&rsquo;ont pas de certifs valables. Oops, j&rsquo;ai failli me faire avoir).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hopl\u00e0, j&rsquo;en avais marre d&rsquo;avoir des certifs auto-sign\u00e9s sur mes ESXi. Surtout depuis la mise en place de HSTS sur des domaines entiers (je vais t\u00e2cher de pondre un rapide article sur HSTS prochainement), les &hellip;<\/p>\n","protected":false},"author":2,"featured_media":1747,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[389],"tags":[457,597,593,598,456],"class_list":["post-1785","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-reseau-secu","tag-esxi","tag-hsts","tag-letsencrypt","tag-rhttpproxy","tag-vmware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Let&#039;s Encrypt... sur ESXi - Le blog de Michauko<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Let&#039;s Encrypt... sur ESXi - Le blog de Michauko\" \/>\n<meta property=\"og:description\" content=\"Hopl\u00e0, j&rsquo;en avais marre d&rsquo;avoir des certifs auto-sign\u00e9s sur mes ESXi. Surtout depuis la mise en place de HSTS sur des domaines entiers (je vais t\u00e2cher de pondre un rapide article sur HSTS prochainement), les &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/\" \/>\n<meta property=\"og:site_name\" content=\"Le blog de Michauko\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-29T00:14:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-07T13:18:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png\" \/>\n\t<meta property=\"og:image:width\" content=\"432\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"michauko\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"michauko\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/\"},\"author\":{\"name\":\"michauko\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"headline\":\"Let&rsquo;s Encrypt&#8230; sur ESXi\",\"datePublished\":\"2019-03-29T00:14:25+00:00\",\"dateModified\":\"2020-12-07T13:18:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/\"},\"wordCount\":620,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/michauko.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/letsenrypt_logo.png\",\"keywords\":[\"ESXi\",\"HSTS\",\"letsencrypt\",\"rhttpproxy\",\"VMWare\"],\"articleSection\":[\"reseau et s\u00e9cu\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/\",\"name\":\"Let's Encrypt... sur ESXi - Le blog de Michauko\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/michauko.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/letsenrypt_logo.png\",\"datePublished\":\"2019-03-29T00:14:25+00:00\",\"dateModified\":\"2020-12-07T13:18:07+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#primaryimage\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/letsenrypt_logo.png\",\"contentUrl\":\"https:\\\/\\\/michauko.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/letsenrypt_logo.png\",\"width\":432,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/lets-encrypt-sur-esxi-1785\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Let&rsquo;s Encrypt&#8230; sur ESXi\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/\",\"name\":\"Le blog de Michauko\",\"description\":\"Si tu ne comprends pas le titre de l&#039;article, passe ton chemin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/michauko.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/michauko.org\\\/blog\\\/#\\\/schema\\\/person\\\/0cd9f3d9ce4dccc05df81a5b27051ea9\",\"name\":\"michauko\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g\",\"caption\":\"michauko\"},\"sameAs\":[\"http:\\\/\\\/michauko.org\\\/\"],\"url\":\"https:\\\/\\\/michauko.org\\\/blog\\\/author\\\/randomized2\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Let's Encrypt... sur ESXi - Le blog de Michauko","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/","og_locale":"fr_FR","og_type":"article","og_title":"Let's Encrypt... sur ESXi - Le blog de Michauko","og_description":"Hopl\u00e0, j&rsquo;en avais marre d&rsquo;avoir des certifs auto-sign\u00e9s sur mes ESXi. Surtout depuis la mise en place de HSTS sur des domaines entiers (je vais t\u00e2cher de pondre un rapide article sur HSTS prochainement), les &hellip;","og_url":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/","og_site_name":"Le blog de Michauko","article_published_time":"2019-03-29T00:14:25+00:00","article_modified_time":"2020-12-07T13:18:07+00:00","og_image":[{"width":432,"height":432,"url":"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png","type":"image\/png"}],"author":"michauko","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"michauko","Dur\u00e9e de lecture estim\u00e9e":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#article","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/"},"author":{"name":"michauko","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"headline":"Let&rsquo;s Encrypt&#8230; sur ESXi","datePublished":"2019-03-29T00:14:25+00:00","dateModified":"2020-12-07T13:18:07+00:00","mainEntityOfPage":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/"},"wordCount":620,"commentCount":0,"image":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#primaryimage"},"thumbnailUrl":"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png","keywords":["ESXi","HSTS","letsencrypt","rhttpproxy","VMWare"],"articleSection":["reseau et s\u00e9cu"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/","url":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/","name":"Let's Encrypt... sur ESXi - Le blog de Michauko","isPartOf":{"@id":"https:\/\/michauko.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#primaryimage"},"image":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#primaryimage"},"thumbnailUrl":"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png","datePublished":"2019-03-29T00:14:25+00:00","dateModified":"2020-12-07T13:18:07+00:00","author":{"@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9"},"breadcrumb":{"@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#primaryimage","url":"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png","contentUrl":"https:\/\/michauko.org\/blog\/wp-content\/uploads\/2018\/07\/letsenrypt_logo.png","width":432,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/michauko.org\/blog\/lets-encrypt-sur-esxi-1785\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/michauko.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Let&rsquo;s Encrypt&#8230; sur ESXi"}]},{"@type":"WebSite","@id":"https:\/\/michauko.org\/blog\/#website","url":"https:\/\/michauko.org\/blog\/","name":"Le blog de Michauko","description":"Si tu ne comprends pas le titre de l&#039;article, passe ton chemin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/michauko.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/michauko.org\/blog\/#\/schema\/person\/0cd9f3d9ce4dccc05df81a5b27051ea9","name":"michauko","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5c3a8969c185fd0eef3893a15408f3ef1b36a6681a066b1eb32045643c30ba65?s=96&d=mm&r=g","caption":"michauko"},"sameAs":["http:\/\/michauko.org\/"],"url":"https:\/\/michauko.org\/blog\/author\/randomized2\/"}]}},"_links":{"self":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/1785","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/comments?post=1785"}],"version-history":[{"count":5,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/1785\/revisions"}],"predecessor-version":[{"id":1792,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/posts\/1785\/revisions\/1792"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media\/1747"}],"wp:attachment":[{"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/media?parent=1785"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/categories?post=1785"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michauko.org\/blog\/wp-json\/wp\/v2\/tags?post=1785"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}