I would like to use letsencrypt as soon as it is in public beta to replace my self-signed certificate. So I thought I would maybe try to find out how it works before I’m actually using it on a server.
- I cloned and started it and I was shocked: I was asked for my root password and not even a reason was stated! As it was just a desktop live-cd system I didn’t care, but on a real server I would never do that. Without any further question it installed additional packages. Automation is nice, but a program that installs something without asking is - simply speaking - rude. If you want a program to behave like that you normally set a switch like --force-yes.
I really like your initiative and don’t want to offend anybody, but why don’t you just print a message like:
“letsencrypt cannot run because some software is missing, you can install it by calling:
apt-get install [package names]”. That would be nice.
Asking for a root password is IMHO a no-go. If a program needs root access for some reason, it should be run as root and not ask for the root password. And I was only running --help…
- Unfortunately I still could not find out how it really works. Maybe I just couldn’t find the right documentation, but what I basically find is: it’s super-simple, you just have to call letsencrypt-auto and it will do everything for you, including server configuration. I do not like that kind of simple. I like to understand what is going on.
How I would like the letsencrypt client to work: Every 90 days it is called by cron, it sends the CSR I generated to letsencrypt, it sets up its own server on some weird port (to not interfere with the webserver), the letsencrypt server verifies I’m in control of the domain and sends back the signed certificate, the client replaces the old certificate and that’s it for 90 days. That’s what I would consider simple. Is it possible to run letsencrypt like that?