acme-client replacement

SirDice

Administrator
Staff member
Moderator

Reaction score: 7,562
Messages: 30,279

As you may or may not know, security/acme-client was removed recently; upstream stopped updating the code. I liked it: it had very few dependencies and I liked the scripts. It made integrating it really easy.

What's a nice alternative for it?
 
SirDice


I like the "no dependencies". I'm always in favor of that. Will definitely check it out, but it looks like I'm going to need to rewrite/rebuild a few scripts in order to fit it in. I was kind of hoping for a "drop-in" replacement.

My current setup checks if lagg(4) is MASTER, then runs the update scripts to update new/expired certificates. It then runs the deploy scripts to add the certificates to HAProxy and reloads it. The second phase is to rsync the certificates to the other node and reload HAProxy there too. I had to check for the lagg(4) status to prevent both nodes from trying to update the certificates simultaneously. Now only the MASTER updates and deploys it to the BACKUP. The scripts themselves are the same on both hosts; whichever one is set to MASTER will take care of the updates.
 

ekingston

Active Member

Reaction score: 58
Messages: 225

I'm also using acme.sh and it works well. I did previously use acme-client but transitioned about a year ago.
 
SirDice


> I did previously use acme-client but transitioned about a year ago.

Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?
 

ekingston


> Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?

I believe you can re-use the account key. I'm not 100% sure; I just started fresh when I switched.
 

CyberCr33p

Active Member

Reaction score: 14
Messages: 189

A few hours ago I rewrote all my scripts related to Let's Encrypt and switched to acme.sh.

You can reuse the account key, which allows 300 SSL / 3 hours instead of 10 SSL / 3 hours (because acme-client creates a new account per SSL).
 