Install for Non-Mainstream Linux

Hello,

Are there install instructions for non-mainstream Linux running Apache?

We have an IoT device that runs a roll-our-own Linux distribution and the latest version of Apache.

Thanks

1 Like

If your distro supports snapd, installing Certbot through snapd is the best option.

Otherwise, Certbot is a Python package and you can use the pip installation method:

2 Likes

That sounds good, but our IoT device is not capable of running Python. Are there any Python-less options?

1 Like

Please see the list of client options here:

There might be more ACME clients out there tho, no guarantees that the list is complete.

3 Likes

Certbot is written in Python, but there are plenty of other clients available.

I might suggest looking at acme.sh (though I haven't used it myself) if you're looking for minimal dependencies on Linux, as it's "just" a shell script that uses command-line openssl and the like. Be aware that it might not use Let's Encrypt by default at some point.

3 Likes

Yes, see the list posted by @Osiris; the acme.sh project mentioned by @petercooperjr is great.

HOWEVER, I will point out this likely issue:

As @petercooperjr mentioned, most of the non-Python (or whatever language) tools just wrap OpenSSL command-line functions. If your device is unable to run Python, it may potentially be unable to run OpenSSL and you may have a difficult time finding a library/tool that can run on that device. In that case, you may need to obtain certificates on another device and then install/transfer them onto your intended device.

3 Likes

For a bare bones Linux distro, check out some of the Go-based clients, like lego.

The binary releases for lego don't even depend on libc.

4 Likes

Assuming you can service your IoT device, another option is to push or pull certificates from elsewhere (such as pulling from a key/secrets vault on AWS, Azure, Google Cloud (or self-hosted), etc.). The benefit of this approach is that the device itself doesn't need to negotiate with Let's Encrypt for domain validation etc.; instead you would centrally renew certificates and push them to the key vault. If your devices have remote management such as ssh, then you could also push certificates to them that way.

1 Like
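The off-device workflow suggested in the replies above (obtain the certificate elsewhere, then push it to the device over ssh), as an added example that is not part of the thread. It assumes the central host has `openssl`, `ssh` and `scp`, and the device only needs sshd and a POSIX shell; the host name, the `/etc/apache2/tls` directory and the file names are placeholders.

```shell
#!/bin/sh
# Added example: run on the central host that renews the certificate.
# Nothing here needs Python or OpenSSL on the device itself.

# Succeed only if the private key belongs to the certificate and the
# certificate remains valid for at least min_days (default 7).
check_pair() {
    cert=$1 key=$2 min_days=${3:-7}
    # Compare the PEM public key taken from each file. No pipelines, so a
    # failing openssl call is never hidden behind a later command.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match certificate" >&2; return 1; }
    # -checkend exits non-zero if the cert expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null || {
        echo "certificate expires within $min_days days" >&2; return 1; }
}

# Copy the pair to the device under temporary names, then rename, so
# Apache never reads a half-written file. The key is written under
# umask 077 so it is never group- or world-readable on the device.
push_pair() {
    cert=$1 key=$2 host=$3 dir=${4:-/etc/apache2/tls}   # placeholder path
    check_pair "$cert" "$key" || return 1
    scp -p "$cert" "$host:$dir/cert.pem.new" &&
    ssh "$host" "umask 077 && cat > '$dir/key.pem.new'" < "$key" &&
    ssh "$host" "mv '$dir/key.pem.new' '$dir/key.pem' &&
                 mv '$dir/cert.pem.new' '$dir/cert.pem' &&
                 apachectl graceful"
}

# Usage: ./push-cert.sh fullchain.pem privkey.pem root@device.example
if [ "$#" -ge 3 ]; then
    push_pair "$@"
fi
```

Checking the pair before the push means a mismatched or nearly expired certificate fails on the central host instead of taking down Apache on the device.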

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.