yeah. time to look for a lean ACME client I can trust instead of continuing to use that bloated stuff.
There you can see the changes made to the script, including the ArchLinux part which is triggered by the existence of /etc/arch-release.
It would be very easy to revert to the working version: https://raw.githubusercontent.com/certbot/certbot/7f0fa18c570942238a7de73ed99945c3710408b4/letsencrypt-auto-source/letsencrypt-auto
(it still has the very ancient name letsencrypt-auto, but it's the same script as certbot-auto)
I've often wondered why certbot seems to have such heavy requirements compared to a similar functionality in acme.sh...
Well, some might call certbot bloated, others might call it "feature rich". In any case it depends highly on a lot of Python dependencies. I'm not an expert enough to judge that though. What I can say is that certbot has more features than acme.sh
What I can say is that I have Python 3.6, which should be enough as it has pip and venv built in.
Ooeeh, a package manager
But I'd recommend using the older script I linked above and overwrite your current certbot-auto with it and keep using it with --no-self-upgrade to prevent this issue again.
You might also choose to edit the script so you won't have to add and remove /etc/arch-release. Just edit the elif [ -f /etc/arch-release ] to always return true.
People use ancient certbot releases a lot around here. I've seen 0.31.0 more often than not.
I always run it with --no-self-upgrade but I have to upgrade from time to time if I want it to keep working. We are not talking about some box that will be gone in 3 years. Another client still seems to be the better choice.
Actually that step was only required for the first install.
As the certbot-auto script is deprecated anyway, yes, that might be better indeed. But for the short run, you can run the previous version if you really need to.
You could go totally overboard and completely write your own client like I did. Granted that support and maintenance come from the man in the mirror.
I guess it's the gold standard, if by that you mean the gold standard for how Let's Encrypt should not be used.
If you're paranoid about security though, it really is the ultimate DIY approach. Fully-downloadable, all-inclusive JS with no key sharing (account or certificate). Tin foil hat optional.
It seems like most active projects are trending toward docker or snap distribution at this point. Hopefully that'll make snap less painful to use over time, but I really don't see sticking with native distribution as a long-term viable alternative, even acme.sh. Sure would be nice to have a better deprecation message telling you what the successor is, of course.
I beg to differ. I'm running Gentoo and don't use binary packages. Snapd doesn't even run on non-systemd systems. I see docker as a system for people who are new to Linux and need an easy method.
Personally I am fond of agnostic approaches like PHP and JS with minimal/no extension that leave handling the underlying details to the platform. They let me focus on developing and maintaining my client rather than worrying about porting issues.
Fair point. To avoid such dependencies I try to only use the base functionality (i.e. standard libraries almost always included with the base install). I'm not too worried about PHP deprecating openssl or curl.
You mean this install of PHP? Base/basic enough?
[ebuild R ] dev-lang/php-7.4.9:7.4::gentoo USE="apache2 -acl -argon2 -bcmath -berkdb -bzip2 -calendar -cdb -cgi -cjk -cli (-coverage) -ctype -curl -debug -embed -enchant -exif -ffi -fileinfo -filter (-firebird) -flatfile -fpm -ftp -gd -gdbm -gmp -iconv -imap -inifile -intl -iodbc -ipv6 -json -kerberos -ldap -ldap-sasl -libedit -libressl -lmdb -mhash -mssql -mysql -mysqli -nls -oci8-instant-client -odbc -opcache -pcntl -pdo -phar -phpdbg -posix -postgres -qdbm -readline (-selinux) -session -session-mm -sharedmem -simplexml -snmp -soap -sockets -sodium -spell -sqlite -ssl -systemd -sysvipc -test -threads -tidy -tokenizer -tokyocabinet -truetype -unicode -webp -xml -xmlreader -xmlrpc -xmlwriter -xpm -xslt -zip -zlib" 0 KiB
To be fair, these aren't actually my USE-settings for my PHP.
What did you end up doing? I also rolled my own distro.