
I think this is a nice option. I gave it a try and read the source code. :) I opted for acmetool [1] though, which, albeit much larger (and thus much more difficult to verify), is easier to use [2].

The more impressive option I've seen is Caddy server [3], which sets up everything automatically. You start the server and it automatically requests certificates, serves your content (static, fcgi, proxy, etc.) through TLS and redirects plain traffic to SSL. You don't even need to know what Let's Encrypt or SSL is. It has a bug though, every time you start the server it requests a new certificate, so after a few restarts you will get your domain temporarily banned from Let's Encrypt.

[1] https://github.com/hlandau/acme.t or `go get github.com/hlandau/acme/cmd/acmetool`

[2] `acmetool quickstart && acmetool want example.com www.example.com`

[3] https://github.com/mholt/caddy




> It has a bug though, every time you start the server it requests a new certificate, so after a few restarts you will get your domain temporarily banned from Let's Encrypt.

There is a bug in the case of a failure in which it doesn't write the successfully-obtained certs to disk, but that will be fixed in the next patch release. Caddy does reuse certificates if it already obtained them before; it persists them to the disk for next time.


Thank you for the clarification and your work on Caddy! I really like it and recommend it.

Indeed, the bug affects an edge case, but due to Caddy being relatively new (thus you have many new users) and Let's Encrypt being very new, I think this edge case will be a bit more common for the next few days/weeks. :)



