[Ach] bettercrypto.org certificate has expired today

Aaron Zauner azet at azet.org
Sun Feb 26 01:04:46 CET 2017


> On 25 Feb 2017, at 11:21, Hanno Böck <hanno at hboeck.de> wrote:
> 
> On Fri, 24 Feb 2017 19:53:30 +0100
> "L. Aaron Kaplan" <kaplan at cert.at> wrote:
> 
>> FIXED & thx to maclemon!
> 
> Is it fixed in the sense that you replaced it with a new (3 month) one
> or have you implemented some kind of automation to renew it regularly?
> 
> I think with LE it really doesn't make any sense to do it without
> automation. Which is annoying in the beginning, but the right thing in
> the long term.

Yes, I totally agree there. LE without the tooling (and their API) makes little to no sense.

About acme.sh in a follow-up mail: why? The Python tools are pretty decent, as is their codebase (since I work[ed] on parts and have been using Python extensively in the past for systems tooling, I think I can reasonably judge), they use well-maintained libraries and are checked by a lot of people. Exploiting a bash script is an order of magnitude easier than any Python code.

If you think the certbot code is bad - take a look at this mess: https://github.com/Neilpang/acme.sh/blob/master/acme.sh
Even though I've seen far worse, they do not make use of a lot of bashisms (which, for example, makes injection easier). A while ago I wrote this - now community-maintained - guide; if you're into bash, check it out: https://github.com/azet/community_bash_style_guide

Aaron