Acme client not updating keys automatically
Jim Ohlstein
jim at mailman-hosting.com
Wed May 24 18:31:18 UTC 2017
Hello,
On 05/24/2017 11:56 AM, Frank Shute wrote:
> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>>
>> Hello,
>>
>> I've got a Freebsd 10.3 system running several ssl-enabled web
>> servers. I've got letsencrypt keys for all of them. I'm using
>> py27-certbot (am not stuck on it so if there's an alternative), and
>> have a cron job set to check keys and update them by doing a certbot
>> renew.
>>
>> I thought something was wrong when I kept getting key expirey notices
>> from letsencrypt, then I checked a site and got a key has expired
>> message.
>>
>> Suggestions welcome.
>>
>> Thanks.
>> Dave.
>
>
> Hi Dave,
>
>
> I'll venture forth an opinion that is maybe a bit controversial.
>
> The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
> crap IMHO.
Not tryinh to start a fight (Honets!), but I'm curious as to how you
arrived at that opinion. Code analysis, use for purpose, or just a
general opinion of Python kiddie coders?
I ask because I use it, and it suits my purpose just fine. Of course I
use a few domain/multi-subdomain certs, and I simply force renew them
manually the first week of every other month. Doesn't take more than a
few minutes for the whole process inclusing reloading nginx, Postfix,
Dovecot, etc. Only glitch was recently when one dependency got ahead of
py-certbot. A suitable patch was available within a day or so.
>
> It's possibly fine if you're running a vanilla LAMP stack but start doing
> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
> in trouble.
>
> My preference is either for acme.sh:
>
> https://github.com/Neilpang/acme.sh
>
> which is an acme client written in portable (POSIX) shell.
>
> Or: security/acme-client in ports which is written in C by a BSD bloke.
I didn't realize that existed. Thanks!
>
> In my experience, the problem with software written in Python is that
> because the barrier to entry is so low, is that even a mouth-breathing,
> window-licking, know-nothing moron can write Python...and sure as shit,
> they invariably do.
Tell us how you really feel. ;)
>
> To be fair, I think a lot of that type are now picking up on Javascript and
> it's bastard brethren. We've already seen a text editor written in it and
> I feel it can be only a matter of time before they set their sights on a
> RTOS...for suitably low values of "real time".
>
>
> Regards,
>
--
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com/
More information about the freebsd-questions
mailing list