[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Certbot in Debian Stretch

Hi Peter,

On Tue, November 22, 2016 02:40, Peter Eckersley wrote:
> I'm an upstream developer for Certbot, previously known as the Let's
> Encrypt client (https://certbot.eff.org). Certbot is a flexible and very
> way to get certificates from Let's Encrypt;

Thanks a lot for your efforts. This is really useful indeed.

> The ACME protocol that it uses to talk to Let's Encrypt is also rapidly
> evolving through an IETF working group
> (https://datatracker.ietf.org/wg/acme/charter/), and the Let's Encrypt
> server-side codebase (https://github.com/letsencrypt/boulder) is
> currently working with an ACME backwards compatibilty window of 6-12
> months, but probably not longer than that.

I'm a bit surprised by this policy. To my knowledge, concepts like automation
and "hassle-free" are central to the Let's Encrypt concept. Obviously are
online for more than a year, so installing Let's Encrypt certificates on them
is not quite automated or hassle-free if you need to upgrade certbot several
times during the projected lifetime of the server.

Is it really necessary to have such, in my opinion, really short API
Surely you want to extend and develop it, but this can be done while keeping
compatibility with existing clients in the field.


Reply to: