YetOpen/certbot-zimbra

Use acme.sh as backend

Closed this issue · 6 comments

Ok ditch certbot-auto and install certbot from packages, or via snap

I am strongly considering migrating to acme.sh or another similar ACME client, since certbot now wants to be installed via snap (on older distribution releases, the only way to get an up-to-date certbot, since the distro repos have outdated versions), and I refuse to install snap on my servers.

Originally posted by @jjakob in #129 (comment)

I'm fine with that, indeed I'm not loving using snap either.

Do you have time to take care of this, because I don't 😓

I'll see when I get some time, hopefully this month.

Looks like this one is pretty promising.
https://github.com/acmesh-official/acme.sh

I haven't looked into how the current renewals work to see how much effort it would take to switch, but I have to agree: as convenient as snaps are for some things, I really feel weird installing them on everything for something so simple, as they're slow...

Acme.sh has a plugin for Zimbra install. Also there's a wiki page on how to deploy an LE cert in Zimbra using acme.sh.

Certbot can now be installed via pip, which looks like a less invasive method than snap. Also, going acme.sh where there's already an implementation for Zimbra is a duplicate effort.

I'd stay as is; we could implement certbot installation either via pip or snap directly in the script.

jjakob commented

After considering acme.sh I personally don't consider it adequate as they don't do release or code signing. Neither does certbot-zimbra but maybe we can in the future do commit and release signing. It's good that all the tools the script relies on are signed so they can be verified by the user during their installation process.