
charliesome | 5 years ago

A few people have already suggested alternatives to certbot, so I thought I'd throw another suggestion into the mix: dehydrated (formerly known as letsencrypt.sh).

https://github.com/dehydrated-io/dehydrated

I've got only good things to say about it. It's a single shell script, making it super easy to install and start using. It's quite configurable, but has sensible defaults and just works without demanding much operator attention.

crumbshot|5 years ago

I second your recommendation. After installing it on some of my now long-running servers back in 2016, I've only touched it a couple of times since. It's been working seamlessly since then.

Configuration was easy; I just ended up writing a simple shell script for the deploy challenge hook, to copy the certificates and reload configurations on nginx etc.

The two times I chose to intervene were straightforward too. The first was because of the ACME protocol upgrade, for which I just needed to drop in a newer copy of dehydrated, and rename references to its old name. The second was because I needed to configure the ACME DNS challenge to get a wildcard domain, and that just involved modifying the deploy challenge hook to temporarily run a custom DNS server that responded to the challenge.

I did take a look at certbot, or whatever it was called back then, and decided against it quite quickly due to the perceived complexity. Also I seem to recall it didn't support nginx properly.

After reading this user review, I'm quite glad I did that. Though I do wonder why the author persisted in using that client despite all the problems they were having with it, given the choices available in the wider Let's Encrypt ecosystem.
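
The comment above describes a hook that copies the certificates and reloads nginx. As an added example (not code from the thread or from the dehydrated project), a hook along those lines could look like this; `CERT_DEST`, `RELOAD_CMD` and the output file names are assumptions of the example, while the `deploy_cert` handler and its argument order are dehydrated's hook interface.

```bash
#!/usr/bin/env bash
# dehydrated runs the hook as: hook.sh <handler> <args...>
# CERT_DEST and RELOAD_CMD are assumptions of this example, set by the operator.
CERT_DEST="${CERT_DEST:-/etc/nginx/tls}"
RELOAD_CMD="${RELOAD_CMD:-nginx -t && nginx -s reload}"

deploy_cert() {
    # dehydrated passes: DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
    local domain="$1" keyfile="$2" fullchain="$4"
    local dest="${CERT_DEST}/${domain}"

    # The name becomes a directory: reject anything that could leave CERT_DEST.
    case "$domain" in
        ""|*/*|.*) echo "refusing certificate name: $domain" >&2; return 1 ;;
    esac
    if [ ! -s "$keyfile" ] || [ ! -s "$fullchain" ]; then
        echo "key or chain missing for $domain" >&2; return 1
    fi

    mkdir -p "$dest" || return 1
    # Copy under temporary names with the final modes (key: owner only),
    # then rename into place so a reload never sees a half-written file.
    install -m 0600 "$keyfile"   "$dest/privkey.pem.new"   || return 1
    install -m 0644 "$fullchain" "$dest/fullchain.pem.new" || return 1
    mv -f "$dest/privkey.pem.new"   "$dest/privkey.pem"    || return 1
    mv -f "$dest/fullchain.pem.new" "$dest/fullchain.pem"  || return 1

    # Default: validate the nginx configuration, reload only if it passes.
    sh -c "$RELOAD_CMD"
}

# Act on deploy_cert only; other handlers dehydrated invokes are ignored.
if [ "${1:-}" = "deploy_cert" ]; then
    shift
    deploy_cert "$@"
fi
```
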