Acme client not updating keys automatically

[Ian Smith]

In freebsd-questions Digest, Vol 677, Issue 4 Message: 1
On Wed, 24 May 2017 16:56:48 +0100 Frank Shute <frank at woodcruft.co.uk> wrote:
 > On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
 > >
 > > Hello,
 > > 
 > > I've got a Freebsd 10.3 system running several ssl-enabled web
 > > servers. I've got letsencrypt keys for all of them. I'm using
 > > py27-certbot (am not stuck on it so if there's an alternative), and
 > > have a cron job set to check keys and update them by doing a certbot
 > > renew.
 > > 
 > > I thought something was wrong when I kept getting key expirey notices
 > > from letsencrypt, then I checked a site and got a key has expired
 > > message.
 > > 
 > > Suggestions welcome.

 > Hi Dave,
 > 
 > I'll venture forth an opinion that is maybe a bit controversial.
 >
 > The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
 > crap IMHO.
 > 
 > It's possibly fine if you're running a vanilla LAMP stack but start doing
 > such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
 > in trouble.
 > 
 > My preference is either for acme.sh:
 > 
 > https://github.com/Neilpang/acme.sh
 > 
 > which is an acme client written in portable (POSIX) shell.

G'day Frank,

I had a look, just for interest really.  Very impressive.  Clean, clear 
code and lots of useful shell programming techniques of all sorts, on a 
quick browse.  Thorough built-in help on top of quality online docs.

And the first link in the 'Who are using acme.sh' section, FreeBSD.org, 
points to Peter Wemm's excellent description of how it's used within the 
FreeBSD cluster, among other interesting cluster theory and practice. 

https://blog.crashed.org/letsencrypt-in-freebsd-org/

Hard to beat that for a recommendation.

As for python: I take your point, though it's not hard to write crappy
code in any language - but I think in Pascal, so what would I know! :)

cheers, Ian