Date: Fri, 26 May 2017 02:33:06 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Frank Shute <frank@woodcruft.co.uk>
Cc: David Mehler <dave.mehler@gmail.com>, Jim Ohlstein <jim@mailman-hosting.com>, freebsd-questions@freebsd.org
Subject: Re: Acme client not updating keys automatically
Message-ID: <20170526010738.Q54860@sola.nimnet.asn.au>
In-Reply-To: <mailman.99.1495713602.50632.freebsd-questions@freebsd.org>
References: <mailman.99.1495713602.50632.freebsd-questions@freebsd.org>

In freebsd-questions Digest, Vol 677, Issue 4
Message: 1
On Wed, 24 May 2017 16:56:48 +0100 Frank Shute <frank@woodcruft.co.uk> wrote:
> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
> >
> > Hello,
> >
> > I've got a Freebsd 10.3 system running several ssl-enabled web
> > servers. I've got letsencrypt keys for all of them. I'm using
> > py27-certbot (am not stuck on it so if there's an alternative), and
> > have a cron job set to check keys and update them by doing a certbot
> > renew.
> >
> > I thought something was wrong when I kept getting key expiry notices
> > from letsencrypt, then I checked a site and got a key has expired
> > message.
> >
> > Suggestions welcome.

> Hi Dave,
>
> I'll venture forth an opinion that is maybe a bit controversial.
>
> The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
> crap IMHO.
>
> It's possibly fine if you're running a vanilla LAMP stack but start doing
> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
> in trouble.
>
> My preference is either for acme.sh:
>
> https://github.com/Neilpang/acme.sh
>
> which is an acme client written in portable (POSIX) shell.

G'day Frank,

I had a look, just for interest really. Very impressive. Clean, clear
code and lots of useful shell programming techniques of all sorts, on a
quick browse. Thorough built-in help on top of quality online docs.

And the first link in the 'Who are using acme.sh' section, FreeBSD.org,
points to Peter Wemm's excellent description of how it's used within the
FreeBSD cluster, among other interesting cluster theory and practice.

https://blog.crashed.org/letsencrypt-in-freebsd-org/

Hard to beat that for a recommendation.

As for python: I take your point, though it's not hard to write crappy
code in any language - but I think in Pascal, so what would I know! :)

cheers, Ian