Acme client not updating keys automatically
jim at mailman-hosting.com
Wed May 24 18:45:12 UTC 2017
On 05/24/2017 02:31 PM, Jim Ohlstein wrote:
> On 05/24/2017 11:56 AM, Frank Shute wrote:
>> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>>> I've got a Freebsd 10.3 system running several ssl-enabled web
>>> servers. I've got letsencrypt keys for all of them. I'm using
>>> py27-certbot (am not stuck on it so if there's an alternative), and
>>> have a cron job set to check keys and update them by doing a certbot
>>> I thought something was wrong when I kept getting key expirey notices
>>> from letsencrypt, then I checked a site and got a key has expired
>>> Suggestions welcome.
>> Hi Dave,
>> I'll venture forth an opinion that is maybe a bit controversial.
>> The certbot written in python 2.7, as recommended by Letsencrypt, is a
>> crap IMHO.
> Not tryinh to start a fight (Honets!), but I'm curious as to how you
> arrived at that opinion. Code analysis, use for purpose, or just a
> general opinion of Python kiddie coders?
> I ask because I use it, and it suits my purpose just fine. Of course I
> use a few domain/multi-subdomain certs, and I simply force renew them
> manually the first week of every other month. Doesn't take more than a
> few minutes for the whole process inclusing reloading nginx, Postfix,
> Dovecot, etc. Only glitch was recently when one dependency got ahead of
> py-certbot. A suitable patch was available within a day or so.
>> It's possibly fine if you're running a vanilla LAMP stack but start doing
>> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly
>> end up
>> in trouble.
>> My preference is either for acme.sh:
>> which is an acme client written in portable (POSIX) shell.
>> Or: security/acme-client in ports which is written in C by a BSD bloke.
> I didn't realize that existed. Thanks!
Add: it has a build dependency on libressl, which apparently makes it a
non-starter for portmaster and portupgrade users who rely on the openssl
port. It works fine with poudriere, and probably also with synth.
>> In my experience, the problem with software written in Python is that
>> because the barrier to entry is so low, is that even a mouth-breathing,
>> window-licking, know-nothing moron can write Python...and sure as shit,
>> they invariably do.
> Tell us how you really feel. ;)
>> To be fair, I think a lot of that type are now picking up on
>> it's bastard brethren. We've already seen a text editor written in it and
>> I feel it can be only a matter of time before they set their sights on a
>> RTOS...for suitably low values of "real time".
Professional Mailman Hosting
More information about the freebsd-questions