Install for Non Main Stream Linux


Are there Install instruction for non-mainstream Linux running Apache ?

We have an IOT device that run a Roll our own Linux distribution and the Latest version of Apache.


1 Like

If your distro supports snapd, installing Certbot through snapd is the best option.

Otherwise, Certbot is a Python package and you can use the pip installation method:


That sounds good, but our IOT device is not capable of running Python. Are there any Python-less options ?

1 Like

Please see the list of client options here:

There might be more ACME clients out there tho, no guarantees that the list is complete.


Certbot is written in Python, but there are plenty of other clients available

I might suggest looking at (though I haven't used it myself) if you're looking for minimal dependencies on Linux, as it's "just" a shell script that uses command-line openssl and the like. Be aware that it might not use Let's Encrypt by default at some point.


Yes, see the list posted by @Osiris ; the project mentioned by @petercooperjr is great.

HOWEVER, I will point out this likely issue:

As @petercooperjr mentioned, most of the non-Python (or whatever language) tools just wrap OpenSSL commandline functions. If your device is unable to run Python, it it may potentially be unable to run OpenSSL and you may have a difficult time finding a library/tool that can run on that device. In that case, you may need to obtain certificates on another device and then install/transfer them onto your intended device.


For a bare bones Linux distro, check out some of the Go-based clients, like lego.

The binary releases for lego don't even depend on libc.


Assuming you can service your IoT device another option is to push or pull certificates from elsewhere (such as pulling from a key/secrets vault on AWS, Azure, Google Cloud (or self hosted) etc. The benefit of this approach is that the device itself doesn't need to negotiate with Let's Encrypt for domain validation etc, instead you would centrally renew certificates and push them to the key vault. If your devices have remote management such as ssh then you could also push certificates to them that way.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.