Acme client not updating keys automatically

Jim Ohlstein jim at
Wed May 24 18:31:18 UTC 2017


On 05/24/2017 11:56 AM, Frank Shute wrote:
> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>> Hello,
>> I've got a Freebsd 10.3 system running several ssl-enabled web
>> servers. I've got letsencrypt keys for all of them. I'm using
>> py27-certbot (am not stuck on it so if there's an alternative), and
>> have a cron job set to check keys and update them by doing a certbot
>> renew.
>> I thought something was wrong when I kept getting key expirey notices
>> from letsencrypt, then I checked a site and got a key has expired
>> message.
>> Suggestions welcome.
>> Thanks.
>> Dave.
> Hi Dave,
> I'll venture forth an opinion that is maybe a bit controversial.
> The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
> crap IMHO.

Not tryinh to start a fight (Honets!), but I'm curious as to how you 
arrived at that opinion. Code analysis, use for purpose, or just a 
general opinion of Python kiddie coders?

I ask because I use it, and it suits my purpose just fine. Of course I 
use a few domain/multi-subdomain certs, and I simply force renew them 
manually the first week of every other month. Doesn't take more than a 
few minutes for the whole process inclusing reloading nginx, Postfix, 
Dovecot, etc. Only glitch was recently when one dependency got ahead of 
py-certbot. A suitable patch was available within a day or so.

> It's possibly fine if you're running a vanilla LAMP stack but start doing
> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
> in trouble.
> My preference is either for
> which is an acme client written in portable (POSIX) shell.
> Or: security/acme-client in ports which is written in C by a BSD bloke.

I didn't realize that existed. Thanks!

> In my experience, the problem with software written in Python is that
> because the barrier to entry is so low, is that even a mouth-breathing,
> window-licking, know-nothing moron can write Python...and sure as shit,
> they invariably do.

Tell us how you really feel. ;)

> To be fair, I think a lot of that type are now picking up on Javascript and
> it's bastard brethren. We've already seen a text editor written in it and
> I feel it can be only a matter of time before they set their sights on a
> RTOS...for suitably low values of "real time".
> Regards,

Jim Ohlstein
Professional Mailman Hosting

More information about the freebsd-questions mailing list