On Fri, Oct 26, 2018, at 19:29, Noel Butler wrote:
> Problem with letsencrypt is their preferred and insisted "certbot"
> - does not run (easily at least) on all flavours.. I gave up with it on
> slackware which is what my servers run, tried
> using Crypt::LE and voila instant success, it was painless to use even
> for (tested at least) renews, although it requires a working webserver
> so come time to replace my comodo's on my MX's, will give me another
> challenge :)

https://letsencrypt.org/docs/client-options/ does recommend starting with Certbot, but it certainly makes it clear that there are alternative options:

"If certbot does not meet your needs, or you’d simply like to try something else, there are many more clients to choose from below"

You also don't need to generate your certificate on the same machine that hosts the services using the certificates. It can either increase or reduce complexity depending on the particulars of your environment, but I generate most of my certificates centrally using DNS-based authorization and either push or pull the certificates based on what is appropriate.

It is an imperfect world, and this definitely applies to Let's Encrypt's documentation, but I've had good success building on top of what is already out there to get a custom solution when I don't see a perfect cookie-cutter fix.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop