Add compatability with certbot #386
Comments
|
If there is any useful option that certbot has but acme.sh doesn't have, please feel free to create issue here. But it's never our goal to keep the compatability with certbot. I really don't like how certbot works, that's why I wrote acme.sh. |
|
Neil I'm curious what those things you don't like about certbot are (besides the huge number of dependencies) |
|
When I first knew certbot, it wasted my whole weekend to install it on my server, and it's also a big pain to read the doc, the commandline options is not obvious to starters. And there was even not a doc tell me how to start. When I searched the web, I found everywhere something like: Nobody explained how it worked. They just copied and pasted. Why was there a As in my point of view, the parameters/usage of Almost in every articles/posts that introduced the It was a big waste of time for the users. It's too expensive. Come on, they just need a cert, right ? The situation might be better from then to now, but I never read any docs about So, I started read acme protocol, and knew that things are dead simple. It should not be as complicated as Then I started |
|
i spent a couple of hours this weekend (so latest documentation available) trying to figure out how to do DNS01 with letsencrypt client... gave up and that's why i keep on using acme.sh.... amazing support, very light install, great documentation, and does the job |
|
Thanks. Yes, that's what I'd like to see. Another pain was that the It's my goal to save everybody's time. Time is expensive for you, me and evey one. If it costs more than 1 hours for me to get a 3 months cert, why don't I spend $1 usd to buy a 1 year cert from comodo ? Sorry about my too many complains. |
|
hey, i'm the one that asked :) |
|
Hi, sorry to hijack, but I was wondering how would I go about replacing certbot with acme.sh? Should I just Some domains would be the same as before (with certbot), but I have a few subdomains to add to the chain. Love acme.sh and have been using on a few installs, but this one was before I knew about acme.sh. |
|
Yes, you can remove certbot or just forget it. Just install acme.sh and there would be not problems. |
|
Talking about the "--expand" option in certbot: is there a recommended way to add domains to an existing certificate with acme.sh? |
|
@enzomich |
|
@Neilpang To add domains to existing certificates. See e.g. http://stackoverflow.com/questions/38302401/letsencrypt-add-domain-to-existing-certificate |
|
why not use |
|
With certbot, according to the stackoverflow page linked above, trying to reissue a certificate for an already existing domain (plus the one to be added) results in an error "Result: error folder test.example.com already exists", so I thought that the same was going to happen with acme.sh . |
|
@enzomich |
|
OK thanks, I'll give it a try. |
|
but you have to --force a renewal (which can hit rate limits) when adding domains to an existing cert (=expanding), right? |
|
@bolera Yes |
Certbot is kind of default implementation and it would be very cool if acme.sh could by used as a direct drop in replacement.
Here is a typical command line for certbot. Most options are mostly the same with minor differences.
/usr/local/bin/certbot certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@example.org --domains example.org --domains www.example.org --webroot-path /interface/acme
The text was updated successfully, but these errors were encountered: