This script has nothing to do with nginx; it is the one used for certificate request generation to Let's Encrypt.

They intend to use certificates with shorter and shorter lifespans as the process is considered more and more robust, to fight against compromised certificates in the wild. Thus, automating the process is a good idea as manual installation could become a huge burden, not to mention manual request/generation.

For the moment, the only way with nginx is to only request certificates and install them yourself manually afterwards. It could be automated somehow, depending on the Let's Encrypt script outcome, and then moving certificate files around + issuing nginx reload. It might be a compromise to avoid generated certificates going live without your own proper validation.

I suggest you complain about the use of python on the Let's Encrypt board <https://community.letsencrypt.org/> directly. I was merely trying to bring the attention of nginx experts to this topic, as a thorough understanding of nginx's way of working is in my eyes necessary. Your complaint has little impact/use here.

For the security concern you are talking about, the fact the script is open-source and provided to the eyes of the whole world <https://github.com/letsencrypt/letsencrypt> allows you to carefully review its code before using it, as one should. Open-source works only if you validate libraries you use (or if you take the risk the community does it for you, with no complaint from your side then).

---
*B. R.*

On Wed, Nov 11, 2015 at 4:07 PM, 173279834462 <[email protected]> wrote:

> > They are currently struggling with their nginx module,
> > allowing a certificate to be automatically installed on nginx.
>
> Would you really use that script?
>
> 1. It requires python. --- I do not have python on my server,
> and I have no intention to install it. You can kick and scream,
> but that will not change my decision. If nginx will demand
> python to run, I will drop nginx for something I trust more.
>
> 2. Assuming *you* have python on board, and something
> breaks. Say, the script is hacked and your server installs
> something else than your intended certificate. Are you
> ready to pay for the damages?
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,262697,262746#msg-262746
>
> _______________________________________________
> nginx mailing list
> [email protected]
> http://mailman.nginx.org/mailman/listinfo/nginx
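The flow suggested in the reply above (only request the certificate, validate it yourself, then move the files and reload nginx) could be scripted as follows. This is an added example, not code from the thread or from the Let's Encrypt client; the function names, the `DEST/DOMAIN.crt` and `DEST/DOMAIN.key` layout and the 30-day minimum validity are assumptions.

```shell
#!/bin/sh
# Added example: gate a freshly issued certificate before nginx serves it.
# Names, file layout and the 30-day threshold are assumptions.
MIN_VALID_SECS=$((30 * 24 * 3600))

# validate_cert CERT KEY DOMAIN -> returns 0 only if all three checks pass
validate_cert() {
    # 1. The certificate must carry the public key of our own private key.
    vc_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    vc_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$vc_cert_pub" ] && [ "$vc_cert_pub" = "$vc_key_pub" ] || return 1
    # 2. It must be issued for the expected host name. The result of
    #    -checkhost is reported in its message, so match on that.
    openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null |
        grep -q 'does match certificate' || return 1
    # 3. It must stay valid for at least the minimum window.
    openssl x509 -in "$1" -noout -checkend "$MIN_VALID_SECS" >/dev/null 2>&1
}

# restore_previous DOMAIN DEST -> put back the files saved before install
restore_previous() {
    for rp_ext in crt key; do
        if [ -f "$2/$1.$rp_ext.bak" ]; then
            mv "$2/$1.$rp_ext.bak" "$2/$1.$rp_ext"
        fi
    done
}

# install_and_reload CERT KEY DOMAIN DEST: install a validated pair only,
# and roll back if copying fails or nginx rejects the configuration.
install_and_reload() {
    validate_cert "$1" "$2" "$3" || { echo "rejected: $1" >&2; return 1; }
    for ir_ext in crt key; do
        if [ -f "$4/$3.$ir_ext" ]; then
            cp -p "$4/$3.$ir_ext" "$4/$3.$ir_ext.bak" || return 1
        fi
    done
    if install -m 0644 "$1" "$4/$3.crt" && install -m 0600 "$2" "$4/$3.key" &&
       nginx -t 2>/dev/null; then
        nginx -s reload
    else
        restore_previous "$3" "$4"
        return 1
    fi
}

# Runs only when called with: CERT KEY DOMAIN DEST
if [ "$#" -eq 4 ]; then install_and_reload "$@"; fi
```

The checks cover key match, host name and remaining lifetime only; verifying the issuer chain with `openssl verify` against a trusted CA bundle would be a further step.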
