Victor Sudakov wrote:> > Which client is now recommended to work with Let's Encrypt? > > I see numerous clients in the ports tree, some deleted, some renamed... > Which one is good?It is interesting how several people advised different software: py-certbot, acme.sh, dehydrated. The majority is for py-certbot, so I'll probably use it. Thank you. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20190909/2b617004/attachment.sig>
On Mon, 9 Sep 2019 16:06+0700, Victor Sudakov wrote:> The majority is for py-certbot, so I'll probably use it. Thank you.I have found it prudent to run certbot twice a month from cron(8), just to be safe. Last year, I had one case where the certificate expired a few hours before the next run of certbot. Had I run certbot on the 1st and on the 15th day of each month, then the certificates would have been updated ahead of their expiration. E.g.: #minute hour mday month wday who command 52 4 1 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start" 52 1 15 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start" -- Trond.