On 10/29/2018 11:48 AM, Jim Popovitch via mailop wrote: > On Mon, 2018-10-29 at 11:31 -0400, Dave Brockman wrote: >> On 10/29/2018 10:40 AM, Jim Popovitch via mailop wrote: >>> You allow nsupdate from your cgi/php/java enabled webserver(s)? >>> >>> -Jim P. >> >> No, the whole point of using acme.sh and the nsupdate module is to >> avoid running a web server. You can also run LE with a webserver that >> doesn'tsupport cgi, php, or java, it only has to serve up a static >> directory. > > Obviously. My point being that it's saner to run a tightened webserver > on a host using certbot than it is to run acme.sh and nsupdate on a full > feature webserver.
I personally find nothing sane about certbot. There are easier, more lightweight, and auditable solutions available. Personal preferences aside, is there any assistance I can offer to get a valid certificate installed at chilli.nosignal.org? Cheers, --dtb
signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
