acme-client replacement

SirDice

As you may or may not know, security/acme-client was removed recently; upstream stopped updating the code. I liked it, it had very few dependencies and I liked the scripts. It made integrating it really easy.

What's a nice alternative for it?
 
I like the "no dependencies". I'm always in favor of that. Will definitely check it out, but it looks like I'm going to need to rewrite/rebuild a few scripts in order to fit it in. I was kind of hoping for a "drop-in" replacement.

My current setup checks if lagg(4) is MASTER, then runs the update scripts to update new/expired certificates. It then runs the deploy scripts to add the certificates to HAProxy and reloads it. The second phase is to rsync the certificates to the other node and reload HAProxy there too. I had to check for the lagg(4) status to prevent both nodes from trying to update the certificates simultaneously. Now only the MASTER updates and deploys it to the BACKUP. The scripts themselves are the same on both hosts; whichever one is set to MASTER will take care of the updates.
 
I did previously use acme-client but transitioned about a year ago.
Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?
 
Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?

I believe you can re-use the account key. I'm not 100% sure, I just started fresh when I switched.
 
A few hours ago I rewrote all my scripts related to Let's Encrypt and switched to acme.sh

You can reuse the account key, which allows 300 SSL / 3 hours instead of 10 SSL / 3 hours (because acme-client creates a new account per SSL).
 