Acme client not updating keys automatically
Frank Shute
frank at woodcruft.co.uk
Wed May 24 15:56:58 UTC 2017
On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>
> Hello,
>
> I've got a FreeBSD 10.3 system running several ssl-enabled web
> servers. I've got letsencrypt keys for all of them. I'm using
> py27-certbot (am not stuck on it so if there's an alternative), and
> have a cron job set to check keys and update them by doing a certbot
> renew.
>
> I thought something was wrong when I kept getting key expiry notices
> from letsencrypt, then I checked a site and got a key has expired
> message.
>
> Suggestions welcome.
>
> Thanks.
> Dave.

Hi Dave,

I'll venture forth an opinion that is maybe a bit controversial.

The certbot written in Python 2.7, as recommended by Letsencrypt, is a bit
crap IMHO.

It's possibly fine if you're running a vanilla LAMP stack but start doing
such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
in trouble.

My preference is either for acme.sh:

https://github.com/Neilpang/acme.sh

which is an ACME client written in portable (POSIX) shell.

Or: security/acme-client in ports which is written in C by a BSD bloke.

In my experience, the problem with software written in Python is that,
because the barrier to entry is so low, even a mouth-breathing,
window-licking, know-nothing moron can write Python...and sure as shit,
they invariably do.

To be fair, I think a lot of that type are now picking up on JavaScript and
its bastard brethren. We've already seen a text editor written in it and
I feel it can be only a matter of time before they set their sights on an
RTOS...for suitably low values of "real time".

Regards,

--
Frank

More information about the freebsd-questions
mailing list