Letskencrypt - C implementation of certbot for FreeBSD (& portable)

Be up-front about security: OpenSSL is known to have issues, you can't trust what comes down the pipe, and your private key's integrity is a hard requirement. Not a situation where you can be careless. letskencrypt is a client for Let's Encrypt users, but one designed for security. No Python. No Ruby. No Bash. A straightforward, open source implementation in C that isolates each step of the sequence.



letskencrypt β€” OpenBSD 5.9 and above
letskencrypt-portable β€” other systems


All good 'n well, but the non-OpenBSD code still depends on LibreSSL :stuck_out_tongue_closed_eyes:

The only dependency of letskencrypt-portable is LibreSSL. The standard letskencrypt has no dependencies.

Although one might debate LibreSSL is "safer" than OpenSSL, it still could contain security flaws :wink:


The point of letskencrypt is that it isolates usage of OpenSSL function calls (LibreSSL) into their own locked-down processes. So that the security flaws, inevitable in any software, have a minimal effect on one’s system. (Disclaimer: I wrote it.)

The dep on LibreSSL is for libtls, though.