Date:      Wed, 24 May 2017 14:31:12 -0400
From:      Jim Ohlstein <jim@mailman-hosting.com>
To:        David Mehler <dave.mehler@gmail.com>, freebsd-questions <freebsd-questions@freebsd.org>, Frank Shute <frank@woodcruft.co.uk>
Subject:   Re: Acme client not updating keys automatically
Message-ID:  <2f52e790-3eff-3ca0-46c0-4336b8e38046@mailman-hosting.com>
In-Reply-To: <20170524155647.GE1232@lime.woodcruft.co.uk>
References:  <CAPORhP4bS3HkE7q9vPriSusZvxC5YFAd5U8jEyA0x6cA1qucZQ@mail.gmail.com> <20170524155647.GE1232@lime.woodcruft.co.uk>

Hello,

On 05/24/2017 11:56 AM, Frank Shute wrote:
> On Tue, May 23, 2017 at 08:23:24AM -0400, David Mehler wrote:
>>
>> Hello,
>>
>> I've got a FreeBSD 10.3 system running several ssl-enabled web
>> servers. I've got letsencrypt keys for all of them. I'm using
>> py27-certbot (am not stuck on it so if there's an alternative), and
>> have a cron job set to check keys and update them by doing a certbot
>> renew.
>>
>> I thought something was wrong when I kept getting key expiry notices
>> from letsencrypt, then I checked a site and got a key has expired
>> message.
>>
>> Suggestions welcome.
>>
>> Thanks.
>> Dave.
>   
> 
> Hi Dave,
> 
> 
> I'll venture forth an opinion that is maybe a bit controversial.
> 
> The certbot written in python 2.7, as recommended by Letsencrypt, is a bit
> crap IMHO.

Not trying to start a fight (Honest!), but I'm curious as to how you 
arrived at that opinion. Code analysis, use for purpose, or just a 
general opinion of Python kiddie coders?

I ask because I use it, and it suits my purpose just fine. Of course I 
use a few domain/multi-subdomain certs, and I simply force renew them 
manually the first week of every other month. Doesn't take more than a 
few minutes for the whole process including reloading nginx, Postfix, 
Dovecot, etc. Only glitch was recently when one dependency got ahead of 
py-certbot. A suitable patch was available within a day or so.

> 
> It's possibly fine if you're running a vanilla LAMP stack but start doing
> such things as s/Linux/FreeBSD/ and s/Apache/Nginx/ and you rapidly end up
> in trouble.
> 
> My preference is either for acme.sh:
> 
> https://github.com/Neilpang/acme.sh
> 
> which is an acme client written in portable (POSIX) shell.
> 
> Or: security/acme-client in ports which is written in C by a BSD bloke.

I didn't realize that existed. Thanks!

> 
> In my experience, the problem with software written in Python is that,
> because the barrier to entry is so low, even a mouth-breathing,
> window-licking, know-nothing moron can write Python...and sure as shit,
> they invariably do.

Tell us how you really feel. ;)

> 
> To be fair, I think a lot of that type are now picking up on JavaScript and
> its bastard brethren. We've already seen a text editor written in it and
> I feel it can be only a matter of time before they set their sights on a
> RTOS...for suitably low values of "real time".
> 
> 
> Regards,
> 

-- 
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com/


