That’s not pure bash – you still depend on bash itself, OpenSSL, cURL, Vim, openbsd-netcat (doesn’t work with gnu-netcat), not to mention hardcoding CentOS-specific knowledge in it… It barely parses HTTP responses with sed & grep, and you’re doing dangerous things like killall -9 nc which can kill unrelated stuff that the sysadmin is running.
On the one hand, I do like tools which are light on dependencies (and the official client sure needs a lot).
On the other hand, this is a thing that has to be run unattended every month, so I’d definitely take “reliable” over “light”. There already are better clients with no dependencies, e.g. acmetool in Golang (which only requires libcap & libattr).
- Stop putting things in /bin without permission. (Well, if you must, there’s /usr/local/bin.)
- Don’t use /home/.acme, that’s what /etc is for (or sometimes /var/lib).
- Don’t put the certs in the user’s home directory, use /etc or /var/lib again. (Services accessing /home can cause various problems, especially when SELinux, AppArmor, NFS, AFS are involved.)
- Improve the command line usage – use options (e.g. while getopts...) instead of the current “some value | no” positional parameters.
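
An added example, not part of the comment above or of the script it reviews: option parsing with getopts, defaults under /etc and /var/lib, and cleanup that signals only the process the script itself started rather than every process with that name. The option letters, the directory names and the `sleep` stand-in for the netcat listener are assumptions.

```bash
#!/bin/bash
# Option letters and default paths are assumptions made for this example.
CONF_DIR=/etc/acme        # account key and settings
CERT_DIR=/var/lib/acme    # issued certificates
DOMAIN=""
LISTENER_PID=""

usage() { echo "usage: $0 -d domain [-c conf_dir] [-o cert_dir]" >&2; }

parse_args() {
    local opt
    OPTIND=1   # reset so the function can be called more than once
    while getopts ":d:c:o:h" opt; do
        case "$opt" in
            d) DOMAIN=$OPTARG ;;
            c) CONF_DIR=$OPTARG ;;
            o) CERT_DIR=$OPTARG ;;
            h) usage; return 2 ;;
            :) echo "option -$OPTARG needs a value" >&2; return 1 ;;
            \?) echo "unknown option -$OPTARG" >&2; return 1 ;;
        esac
    done
    [ -n "$DOMAIN" ] || { echo "-d domain is required" >&2; return 1; }
}

# Start the helper process and remember its PID.
# "sleep" stands in for the challenge listener (nc in the reviewed script).
start_listener() {
    sleep 300 >/dev/null 2>&1 &
    LISTENER_PID=$!
}

# Stop only the process this script started; other processes with the
# same name, including ones the sysadmin is running, are left alone.
stop_listener() {
    [ -n "$LISTENER_PID" ] || return 0
    kill "$LISTENER_PID" 2>/dev/null || true
    wait "$LISTENER_PID" 2>/dev/null || true
    LISTENER_PID=""
}

# Clean up on any exit path, including errors.
trap stop_listener EXIT
```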