Letskencrypt - C implementation of certbot for FreeBSD (& portable)

rugk · May 31, 2016, 12:36pm

Be up-front about security: OpenSSL is known to have issues, you can't trust what comes down the pipe, and your private key's integrity is a hard requirement. Not a situation where you can be careless. letskencrypt is a client for Let's Encrypt users, but one designed for security. No Python. No Ruby. No Bash. A straightforward, open source implementation in C that isolates each step of the sequence.

https://kristaps.bsd.lv/letskencrypt/

Versions:

letskencrypt — OpenBSD 5.9 and above
letskencrypt-portable — other systems

Osiris · May 31, 2016, 7:13pm

All good 'n well, but the non-OpenBSD code still depends on LibreSSL

The only dependency of letskencrypt-portable is LibreSSL. The standard letskencrypt has no dependencies.

Although one might debate LibreSSL is "safer" than OpenSSL, it still could contain security flaws

kristapsdz · June 2, 2016, 8:17pm

The point of letskencrypt is that it isolates usage of OpenSSL function calls (LibreSSL) into their own locked-down processes. So that the security flaws, inevitable in any software, have a minimal effect on one’s system. (Disclaimer: I wrote it.)

The dep on LibreSSL is for libtls, though.

Topic		Replies	Views
Letsencrypt in Trusty Help	6	1051	May 9, 2019
Questions re: OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates Issuance Tech	55	9903	September 7, 2021
Is this safe? (sslforfree.com) Help	5	46079	March 30, 2018
Let's Encrypt client 0.1.1 released	3	2583	December 19, 2015
Client Version 0.4.2 Released Client dev	0	1692	March 4, 2016

Letskencrypt - C implementation of certbot for FreeBSD (& portable)

Versions:

Related topics