Acme client not updating keys automatically

Frank Shute frank at
Wed May 24 15:56:58 UTC 2017

On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
> Hello,
> I've got a Freebsd 10.3 system running several ssl-enabled web
> servers. I've got letsencrypt keys for all of them. I'm using
> py27-certbot (am not stuck on it so if there's an alternative), and
> have a cron job set to check keys and update them by doing a certbot
> renew.
> I thought something was wrong when I kept getting key expirey notices
> from letsencrypt, then I checked a site and got a key has expired
> message.
> Suggestions welcome.
> Thanks.
> Dave.

Hi Dave,

I'll venture forth an opinion that is maybe a bit controversial.

The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
crap IMHO.

It's possibly fine if you're running a vanilla LAMP stack but start doing
such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
in trouble.

My preference is either for

which is an acme client written in portable (POSIX) shell.

Or: security/acme-client in ports which is written in C by a BSD bloke.

In my experience, the problem with software written in Python is that
because the barrier to entry is so low, is that even a mouth-breathing,
window-licking, know-nothing moron can write Python...and sure as shit,
they invariably do.

To be fair, I think a lot of that type are now picking up on Javascript and
it's bastard brethren. We've already seen a text editor written in it and
I feel it can be only a matter of time before they set their sights on a
RTOS...for suitably low values of "real time".




More information about the freebsd-questions mailing list