Acme client not updating keys automatically

Ian Smith smithi at
Thu May 25 16:49:56 UTC 2017

In freebsd-questions Digest, Vol 677, Issue 4 Message: 1
On Wed, 24 May 2017 16:56:48 +0100 Frank Shute <frank at> wrote:
 > On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
 > >
 > > Hello,
 > > 
 > > I've got a Freebsd 10.3 system running several ssl-enabled web
 > > servers. I've got letsencrypt keys for all of them. I'm using
 > > py27-certbot (am not stuck on it so if there's an alternative), and
 > > have a cron job set to check keys and update them by doing a certbot
 > > renew.
 > > 
 > > I thought something was wrong when I kept getting key expirey notices
 > > from letsencrypt, then I checked a site and got a key has expired
 > > message.
 > > 
 > > Suggestions welcome.

 > Hi Dave,
 > I'll venture forth an opinion that is maybe a bit controversial.
 > The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
 > crap IMHO.
 > It's possibly fine if you're running a vanilla LAMP stack but start doing
 > such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
 > in trouble.
 > My preference is either for
 > which is an acme client written in portable (POSIX) shell.

G'day Frank,

I had a look, just for interest really.  Very impressive.  Clean, clear 
code and lots of useful shell programming techniques of all sorts, on a 
quick browse.  Thorough built-in help on top of quality online docs.

And the first link in the 'Who are using' section,, 
points to Peter Wemm's excellent description of how it's used within the 
FreeBSD cluster, among other interesting cluster theory and practice.

Hard to beat that for a recommendation.

As for python: I take your point, though it's not hard to write crappy
code in any language - but I think in Pascal, so what would I know! :)

cheers, Ian

More information about the freebsd-questions mailing list