Alternatives to lectl?

basilhendroff · November 25, 2020, 7:34am

There's plenty of choice when it comes to LE clients, but not so much, it seems, when it comes to LE reporting tools. Seaching this forum, I've found lectl, which draws it data from https://crt.sh/.

Being a shell script, I've managed to tweak lectl to work on FreeBSD. What I love about this reporting tool is:

There are a selection of LE cert summary views;
Certificate issue and expiry dates are in local time rather than UTC, which LE clients seem to be favour (at least, acme.sh does).
It lets me know how many certificates I can still issue before I hit the Certificates per Registered Domain rate limit (50 per week).

On the downside, being a shell script, it's as slow as molasses on my low-powered system. I was just wondering, apart from lectl, are any other LE reporting tools available?

_az · November 25, 2020, 7:57am

I created https://tools.letsdebug.net/cert-search?m=domain&q=%20qa-cluster3-qa1-core.api-dev.prov.clinical6.com&d=168, which also pulls from crt.sh.

Sort of. It doesn't do this accurately ever since the "renewal exemption" was introduced: Rate limits: fixing certs per name rate limit order of operations gotcha .

My tool has the same problem, you pretty much need a complete history of certificates in order to accurately calculate that number now. (Especially problematic now that crt.sh also truncates result sets).

basilhendroff · November 25, 2020, 8:24am

https://tools.letsdebug.net/cert-search
OMG.! This is good stuff! It's quick, doesn't require me to install software, and the Duplicate Certificates rate limit is so useful!

Thanks for the heads up.

system · December 25, 2020, 8:24am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.