Follow-up on @letsencrypt: I am not so optimistic about it as the folks who replied to my previous inquiry. It seems pretty unstable (for example, they just broke all currently installed versions on the 9th!), and a lot of stuff doesn't even work out-of-the-box...
There are definitely "compact executable" clients for Let's Encrypt - https://github.com/google/acme is one. Also, you can renew weeks before expiry date, so even if Let's Encrypt goes down, you can just try again later.
It's not that Let's Encrypt goes down - it's that your _client_ may be rejected, as happened in January. At that point, you have to have planned ahead and had some way for your Let's Encrypt cron job to _email you_ and let you know this, so you can go manually update it!
@cmuratori https://kristaps.bsd.lv/acme-client/ very sensible implementation, highly secure on BSD, reasonably secure on linux. Takes the policy to renew the certificate every month. You can slap it into a daily cronjob, after it is a month old it'll renew it.
It will only replace the old cert if successful, with something like OpenBSD's daily.local script you'd get notified automatically via e-mail when acme-client outputs an error. E-mail notifications with crontab aren't a big deal to set up either though.
FWIW there are other clients for LE that aren't python. There is a single file Go exe I think.
If you want reliability and stability just get a cert from DigiCert and be done with it.
I use acme-tiny: https://github.com/diafygi/acme-tiny It has not failed me at all for the last ~2 years on multiple machines. Just to be safe I also use http://letsmonitor.org to notify me if the cert is about to expire, but that has not happened yet.
How does it handle protocol changes, Martins, like the one that apparently happened in January? Does it update itself, or... ?
Yep, you should definitely try Caddy. Or lego, if all you need is the certificate itself. https://github.com/xenolf/lego -- a single static binary, no dependencies. Builds for any platform.
Everything about "modern" development is just a whole bunch of failure points, because "code reuse" is held as the most important value.
I guess nobody told them that when they reuse the code, they reuse the bugs. And the exploits :)