certbot-zimbra

Use acme.sh as backend

Open maxxer opened this issue 4 years ago • 5 comments

Ok ditch certbot-auto and install certbot from packages, or via snap

I am strongly considering migrating to acme.sh or another similar ACME client, since certbot now wants to be installed via snap (on older distribution releases, the only way to get an up-to-date certbot, since the distro repos have outdated versions), and I refuse to install snap on my servers.

Originally posted by @jjakob in https://github.com/YetOpen/certbot-zimbra/issues/129#issuecomment-840439335

maxxer, May 13 '21 12:05

I'm fine with that, indeed I'm not loving using snap either.

Do you have time to take care of this, because I don't 😓

maxxer, May 13 '21 12:05

I'll see when I get some time, hopefully this month.

jjakob, May 13 '21 15:05

Looks like this one is pretty promising. https://github.com/acmesh-official/acme.sh

I haven't looked into how the current renewals work to see how much effort it would take to switch, but I have to agree: as convenient as snaps are for some things, I really feel weird installing them on everything for something so simple, as they're slow...

meramsey, Jun 14 '21 05:06

Acme.sh has a plugin for Zimbra install. Also there's a wiki page on how to deploy LE cert in Zimbra using acme.sh.

maxxer, Jun 28 '21 09:06

Certbot can now be installed via pip, which looks like a less invasive method rather than snap. Also, going acme.sh where there's already an implementation for Zimbra is a duplicate effort.

I'd stay as is, we could implement certbot installation either via pip or snap directly in the script

maxxer, Nov 15 '21 15:11

After considering acme.sh I personally don't consider it adequate as they don't do release or code signing. Neither does certbot-zimbra but maybe we can in the future do commit and release signing. It's good that all the tools the script relies on are signed so they can be verified by the user during their installation process.

jjakob, Feb 26 '23 22:02