
Just use certbot. It automatically sets up a scheduled task to renew your SSL/TLS certificates in the background, typically using a systemd timer that runs twice a day. I do not know why people using Let's Encrypt would not set up certbot along with it; that is how I do it. Some nginx config + certbot.


Maybe the situation's improved, but I found certbot from system package managers would diverge from the latest version, sometimes significantly, like support for DNS challenge APIs breaking. I switched to ‘acme.sh’ for most machines and haven't looked back. It no longer has Let's Encrypt as its default issuer, but you can set it back to LE with one config command.


I was going to mention acme.sh, too. certbot and acme.sh are two popular methods.

That said, I never had issues with certbot on Arch Linux, and I have been using it for a really long time.

Since Arch Linux is bleeding-edge, it does not diverge from the latest version. :D


I use certbot, but I don't think it will email me if something goes wrong.


What would go wrong? I have been using Let's Encrypt (with certbot) for a really long time, and it never went wrong. Did it ever happen to you?



