I’m confused. The ACME protocol is already REST based. And certbot is one of many REST clients consuming that API. So you want to build another REST API the utilizes certbot under the hood? So you’d then have REST clients calling your REST API which calls certbot (a REST client) which calls the ACME REST API?
Wow!
I applaud the effort, but it better come with very explicitly detailed error messages…
[or this may just make things that much harder to troubleshoot when things don’t work as expected]
this is true however there are client side functions such as management of account keys, generation of CSRs and install behaviours which the ACME APIs won’t do for you.
key consideration is that the core certbot libraries are fairly well written and maintained
Currently the only option is to access them is via a CLI
Hug.rest has the advantage of being able to quickly wrap any functionality without having to write a web server.
I feel like I must be missing something obvious here. Is the target audience for this a typical user who would be installing it on their server in addition to certbot in order to call certbot remotely via REST? And if so, isn’t that more complicated than just calling the CLI once and letting cron auto-renew?
Or is this to setup like a REST based version of (for example) SSLForFree where users can’t/won’t run a normal ACME client on their own machine?
The other thought that occurs to me is that Certbot uses a lockfile very aggressively, so access to the web API would have to be completely serialized (arguably rendering it useless).