Bear in mind that this is just one man's fantasy for what he believes would make for a saner world...
I feel that certbot's usage has become overly convoluted. Perhaps taking on a little RISC might help.
Hear me out completely, please, before commenting. The following represents what would be beyond the handbook I am still drafting as information becomes firm.
For starters... get rid of:
- Add a
clearfunction to clear all settings for a certificate without erasing the certificates and keys
- Add a
backupfunction to backup everything to a single file (outside the certbot directory structure)
- Add a
restorefunction to restore everything from a single file (outside the certbot directory structure)
- Add a 'sweep' function that sweeps everything (basically clears the entire ceftbot directory structure)
Mandate strict syntax:
certbot clear certname
certbot acquire certname authenticator "domain,name,list"
certbot install certname installer
certbot backup file
certbot restore file
Make certain that all used settings are saved. This includes those used for
--keep-until-expiring the default functionality that can only be overridden by
renew is coded internally to use
install with the saved settings in exactly the same fashion as would be expected on the command line.
installation outputs in the logs.
The benefits of completely segregating the acquisition and installation processes are many. Here are but a few:
- drastically reduced acquisition of duplicate certificates
- surety that acquisition has succeeded when incrementally executing/debugging
- clear distinction between usage of authenticators and installers