Acme client not updating keys automatically
smithi at nimnet.asn.au
Thu May 25 16:49:56 UTC 2017
In freebsd-questions Digest, Vol 677, Issue 4 Message: 1
On Wed, 24 May 2017 16:56:48 +0100 Frank Shute <frank at woodcruft.co.uk> wrote:
> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
> > Hello,
> > I've got a FreeBSD 10.3 system running several ssl-enabled web
> > servers. I've got letsencrypt keys for all of them. I'm using
> > py27-certbot (am not stuck on it so if there's an alternative), and
> > have a cron job set to check keys and update them by doing a certbot
> > renew.
> > I thought something was wrong when I kept getting key expiry notices
> > from letsencrypt, then I checked a site and got a key has expired
> > message.
> > Suggestions welcome.
> Hi Dave,
> I'll venture forth an opinion that is maybe a bit controversial.
> The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
> crap IMHO.
> It's possibly fine if you're running a vanilla LAMP stack but start doing
> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
> in trouble.
> My preference is either for acme.sh:
> which is an acme client written in portable (POSIX) shell.
I had a look, just for interest really. Very impressive. Clean, clear
code and lots of useful shell programming techniques of all sorts, on a
quick browse. Thorough built-in help on top of quality online docs.
And the first link in the 'Who are using acme.sh' section, FreeBSD.org,
points to Peter Wemm's excellent description of how it's used within the
FreeBSD cluster, among other interesting cluster theory and practice.
Hard to beat that for a recommendation.
As for python: I take your point, though it's not hard to write crappy
code in any language - but I think in Pascal, so what would I know! :)