Date:      Wed, 24 May 2017 16:56:48 +0100
From:      Frank Shute <frank@woodcruft.co.uk>
To:        David Mehler <dave.mehler@gmail.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: Acme client not updating keys automatically
Message-ID:  <20170524155647.GE1232@lime.woodcruft.co.uk>
In-Reply-To: <CAPORhP4bS3HkE7q9vPriSusZvxC5YFAd5U8jEyA0x6cA1qucZQ@mail.gmail.com>
References:  <CAPORhP4bS3HkE7q9vPriSusZvxC5YFAd5U8jEyA0x6cA1qucZQ@mail.gmail.com>

On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>
> Hello,
> 
> I've got a FreeBSD 10.3 system running several ssl-enabled web
> servers. I've got letsencrypt keys for all of them. I'm using
> py27-certbot (am not stuck on it so if there's an alternative), and
> have a cron job set to check keys and update them by doing a certbot
> renew.
> 
> I thought something was wrong when I kept getting key expiry notices
> from letsencrypt, then I checked a site and got a key has expired
> message.
> 
> Suggestions welcome.
> 
> Thanks.
> Dave.
 

Hi Dave,


I'll venture forth an opinion that is maybe a bit controversial.

The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
crap IMHO.

It's possibly fine if you're running a vanilla LAMP stack but start doing
such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
in trouble.

My preference is either for acme.sh:

https://github.com/Neilpang/acme.sh

which is an acme client written in portable (POSIX) shell.

Or: security/acme-client in ports which is written in C by a BSD bloke.

In my experience, the problem with software written in Python is that,
because the barrier to entry is so low, even a mouth-breathing,
window-licking, know-nothing moron can write Python...and sure as shit,
they invariably do.

To be fair, I think a lot of that type are now picking up on JavaScript and
its bastard brethren. We've already seen a text editor written in it and
I feel it can be only a matter of time before they set their sights on an
RTOS...for suitably low values of "real time".


Regards,

-- 

Frank




