Comment by traceroute66

Comment by traceroute66 3 days ago


Oh dear.

I'm sorry. But do you really need to re-invent the wheel yet again?

Go to the Let's Encrypt website, there is a whole page of client implementations[1].

What makes yours better than, for example, `lego` or `caddy` or `step`?

All of which are easy to use, come with sensible defaults and do not provide you with "innumerable ways to shoot yourself in the foot".

And for people who really can't use Let's Encrypt because "it's difficult", there are still all the old-school, well-established, commercial CAs out there who will hold your hand in return for a few dollars.

[1] https://letsencrypt.org/docs/client-options/

cortesoft 3 days ago

I haven't fully looked into it, but it seems to me that this is basically a hosted version of acme-dns (https://github.com/joohoi/acme-dns).

The point of acme-dns is for people who 1) need to use DNS validation because they don't have an externally accessible web server or need a wildcard cert and 2) either use DNS providers that don't provide API support or whose API support has not been integrated into their tool of choice like cert-manager or certbot.

I have had to use acme-dns for that reason, and I don't think it is a horrible business to try to offer that as a service. I don't think I would use it (since acme-dns isn't that hard to set up and I am familiar with it), but I could imagine other people might want to.
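The delegation pattern cortesoft describes, as an added example that is not part of the thread and not acme-dns's own code: the customer's zone points `_acme-challenge.<domain>` via CNAME at a name under a zone the acme-dns style server controls, the ACME client pushes the dns-01 value to that server's API instead of to the customer's DNS provider, and the CA follows the CNAME when it validates. The zone names, the account and token strings and the in-memory record store are all constructed for the example; the API shape (register, then update with `X-Api-User` / `X-Api-Key`, a 43-character `txt` value, and the last two values retained) follows the real acme-dns behaviour, but the implementation here is a model, not the project's code.

```python
import base64
import hashlib
import secrets


def dns01_value(token: str, jwk_thumbprint: str) -> str:
    """ACME dns-01 TXT value: base64url(SHA-256(token "." thumbprint)), no padding.

    SHA-256 is 32 bytes, so the unpadded base64url form is always 43 characters,
    which is why acme-dns rejects any other length as a bad request.
    """
    key_auth = f"{token}.{jwk_thumbprint}".encode()
    digest = hashlib.sha256(key_auth).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


class AcmeDnsServer:
    """Model of the acme-dns register/update API, writing TXT records into a
    shared in-memory record store (hypothetical; stands in for a real zone)."""

    def __init__(self, zone: str, records: dict):
        self.zone = zone
        self.records = records
        self.accounts = {}  # username -> (api key, subdomain label)

    def register(self) -> dict:
        # Real acme-dns returns username, password, subdomain, fulldomain, allowfrom.
        username = secrets.token_hex(16)
        password = secrets.token_urlsafe(30)
        subdomain = secrets.token_hex(16)
        self.accounts[username] = (password, subdomain)
        fulldomain = f"{subdomain}.{self.zone}"
        self.records[fulldomain] = {"TXT": []}
        return {"username": username, "password": password,
                "subdomain": subdomain, "fulldomain": fulldomain}

    def update(self, api_user: str, api_key: str, body: dict):
        """POST /update: returns (http_status, response_body)."""
        acct = self.accounts.get(api_user)
        if acct is None or not secrets.compare_digest(acct[0], api_key):
            return 401, {"error": "forbidden"}
        password, subdomain = acct
        if body.get("subdomain") != subdomain:
            # An account may only write its own label, never another customer's.
            return 401, {"error": "forbidden"}
        txt = body.get("txt", "")
        if len(txt) != 43:
            return 400, {"error": "bad_txt"}
        rr = self.records[f"{subdomain}.{self.zone}"]
        # Keep the last two values so two in-flight orders (e.g. a wildcard and
        # the base name) do not clobber each other's challenge.
        rr["TXT"] = (rr["TXT"] + [txt])[-2:]
        return 200, {"txt": txt}


def delegate(records: dict, domain: str, fulldomain: str) -> None:
    """The one-time change in the customer's own zone: a CNAME, nothing else."""
    records[f"_acme-challenge.{domain}"] = {"CNAME": fulldomain}


def resolve_txt(records: dict, name: str, max_depth: int = 8) -> list:
    """Follow CNAMEs the way a validating resolver does, then return TXT data."""
    for _ in range(max_depth):
        rr = records.get(name)
        if rr is None:
            return []
        if "CNAME" in rr:
            name = rr["CNAME"]
            continue
        return list(rr.get("TXT", []))
    raise RuntimeError("CNAME chain too long")


def ca_validate(records: dict, domain: str, expected: str) -> bool:
    """What the CA checks for dns-01: the expected value is among the TXT
    records found at _acme-challenge.<domain> after CNAME resolution."""
    return expected in resolve_txt(records, f"_acme-challenge.{domain}")


def demo() -> dict:
    records = {}  # constructed stand-in for DNS; names below are hypothetical
    server = AcmeDnsServer("auth.example.net", records)
    creds = server.register()
    delegate(records, "example.com", creds["fulldomain"])

    # In a real order the CA issues the token; the thumbprint is of the account key.
    value = dns01_value("constructed-token", "constructed-jwk-thumbprint")
    good = {"subdomain": creds["subdomain"], "txt": value}
    ok_status, _ = server.update(creds["username"], creds["password"], good)
    bad_key_status, _ = server.update(creds["username"], "not-the-key", good)
    short = {"subdomain": creds["subdomain"], "txt": "too-short"}
    short_status, _ = server.update(creds["username"], creds["password"], short)

    return {
        "update_status": ok_status,
        "bad_key_status": bad_key_status,
        "short_txt_status": short_status,
        "validated": ca_validate(records, "example.com", value),
        "fulldomain": creds["fulldomain"],
    }


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is in `delegate`: the customer's zone only ever gains a static CNAME, so the credentials the ACME client holds can write TXT records under the acme-dns zone and nothing else. Compare that with a provider API token, which in most DNS providers can rewrite the whole zone.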

benburkert 3 days ago

We don't think of it as reinventing the wheel since it works with all existing RFC-compliant ACME clients without needing a plugin. You can use lego, caddy, certbot, cert-manager, or whichever ACME client you prefer.

ACME is great and it's certainly an improvement over the legacy CA alternatives. But there are also some rough edges that we think can be streamlined.