The standard ACME client is way too convoluted, complex and performs too many unwanted operations. I correctly assumed that the client was not suited at all for use on a production system.
The following issues are a no-go from my perspective, most performing unwanted operations:
- Requiring sudo
- Automatically updating the package list
- Automatically install packages
- Automatically (and repeatedly) cloning external repositories
- Automatically adding entries in /etc, /var/log, ~/.local/share and /var/lib
- Automatically performing configuration changes
- Too many arguments needed for basic operation
- Unreadable, nonsensical error messages
- No ability to clean up installed files
Many of these issues have already been expressed in previous topics but only for specific installations. To be honest, a client should never ever perform the first 5 issues listed above. With regard to the 6th issue, a client should never assume “I are vebserver!” and either try to mess up your existing configuration or tell you to shut down the existing instance (seriously?).
The final command I used, which borders on insanity, was:
./letsencrypt-auto -a manual -d domain.tld --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly -v --debug
Incidentally, the same command failed for the second domain I tried to register due to some UTF-8 conversion issue in its own configuration files. Removal of /etc/letsencrypt was required to proceed.
Simply trying to get the list of available command line options (i.e. ./letsencrypt-auto --help) triggers a full-blown system update and package installation.
Experience once again proves not to trust anything written in Python… Although I eventually succeeded in obtaining the relevant certificates, I will not be using letsencrypt in the foreseeable future. I thank you for making me spend 2 hours cleaning this mess from my system.