Trouble using Let's Encrypt on OS X

It is not an accusation, it’s a rational questioning of the practice of blindly trusting websites, which is inherently foolish.

You don’t have to blindly trusting anything, and no one is suggesting you should. The site literally has a link to its source code on it. If you’re worried about it, review the code. Ultimately, that’s the only way you can be 100% certain. If you’re worried about the commands the site suggests you run, do some research on them or read man pages.

@jsha
I think I’m being pretty kind, in so far as I’m bringing rationality to the discussion and trying to solve problems.

I don’t see you chastising peelman, who first accused me of wasting his time because I dared to ask questions after I was the victim of having had my time wasted because no one documented the need for libffi until I mentioned it.

I can see why someone else started a thread called “getting bad vibes”. You are giving them now.

pfg, just because there’s a link to source code, that does not mean that is the source code that is installed on the server.
Question your assumptions please.

This is why I suggested running a local version, if you’re worried about that. Please re-read my initial reply.

OK, I’ll check out that option. Thanks pfg.

In addition to @pfg’s point (that you can examine the source yourself, and even run it locally if you prefer) is this one, which both he and I have previously raised: there’s no need to trust the site, because you don’t give it anything sensitive. The information you give (the account public key and the CSR) is public information, and would be publicly released whether or not you used that site. They cannot derive private information (i.e., the account or the site private key) from it. They cannot harm you with it. The worst they can do is mess up the certificate-issuing process so your cert doesn’t work. An inconvenience to be sure, but it does not place any data at risk.

That thread (Getting Bad Vibes) is a masterpiece of vagueness, hand-waving, and innuendo, posted by someone who apparently can't distinguish disagreement from dismissal. The only concrete criticism offered in that thread (and that not by the OP) is that the official client only runs on Unix-y operating systems.

You did not "ask questions" in your OP. You complained that LE was "impractical" and "overly demanding" because it isn't as convenient for your use case as some commercial CAs. That is a waste of time. While your subjective intent may have been to solve a problem, that certainly wasn't apparent from your post.

1 Like

Outstanding patience shown by a couple of members here. I would have lost my cool long before now.

1 Like

Dealing with low-knowledge/non-tech help vampires is one of the reasons why we can’t have nice things (longer duration certs and supporting all forms of obscure use cases). Some people are just looking to cheap on their paid services and place all their support burden (reasonable or not) onto a free community.

1 Like

Indeed. Even the initial texts from Flar attitude were like he is contacting someone who owes him something. Although whatever reasons there are, there is a point to express them only if they can be understood by other party. Here I do not see these reasons. Service is free, runs on donations (or so I understood), and in beta stage, so it will get better later — it is quite obvuios that one day this will be solved due to huge demand. It is also great how OP states that “he has limited time” and “I don’t want to pay money” because this is exactly how you ask community to do something for you and everyone else is with time and money :smile: . Wonder if it ever works.

Yeah, I don’t understand the sense of entitlement this guy is portraying. It’s a free service, provided by altruistic, knowledgeable and hard working people for the benefit of everyone.
The various OS ports are done by hard working philanthropic volunteers and he acts as if they are contractually obliged to drop everything and focus on his specific issue and then throws his toys out of the pram when that’s not achieved.
And yet even after all this some people still try and help him.
I couldn’t do it.
You guys have the patience of a saint and I take my hat off to you.

What were you expecting from software in a beta phase that specifically gave you the following warning when you attempted to use it?

WARNING: Mac support is very experimental at present…

Consider Let’s Encrypt on OS X a developer preview; If you’re not willing to invest time into solving issues or don’t have the technical capabilities to do so, wait until OS X is fully supported or try a different client.

1 Like

That warning was not clear earlier on, neither to me nor to multiple other people clearly.
At any rate I have tried to be helpful in giving feedback on how it is not working properly; the response however has been negative, much as as another person said: “bad vibes”. One idiot bizarrely accused me of being a troll, and others then acted a bit like cult members going after the heretic.

How do you mean? The warning has been in place for a long time, or did you mean it's not obvious enough, or not in the right place? If so, how do you think it could be improved on? Documentation is certainly not perfect yet, so understanding where those issues stem from is important.

The negativity, if you want to call it that, came up because of how you gave your feedback, not because of what you were talking about. You came in with the expectation that a free CA which just started issuing certificates and is still in a beta state would immediately be as convenient as getting a certificate from either one of the biggest domain registrars in the business (who's probably in a position to skip a lot of verification steps due to being your registrar), or one of the biggest and oldest CAs out there. That was obviously asking for a bit too much, but people were happy to point you towards alternative options and/or clients anyway. If you want to go ahead and review this thread, you will see that there were a number of helpful replies before the first person said anything about your expectations being too high; at which point the discussion took a turn for the worse.

Unfortunately, the feeling of entitlement and not knowing the difference between providing valid feedback and demanding things are done the way one wants them to is what turns a lot of people away from starting or contributing to open source projects.

2 Likes