Hugo Landau

You can override permissions enforcement using this file: https://github.com/hlandau/acmetool/blob/master/_doc/contrib/perm.example

This is as (currently) designed. Certificates currently referenced by live/ are not culled by `cull`, even if they are expired, as they represent the best available certificate for that hostname....

"Currently a musl built version will segfault". I've tried this myself and it works if built on Alpine Linux (see APKBUILD linked in README), so I assume you're talking about...

I figure things should be rearranged to provide the following possibilities: ``` linux_amd64.tar.gz -- musl static linux_amd64_musl.tar.gz -- musl dynamic linux_amd64_glibc.tar.gz -- glibc dynamic linux_amd64_nocgo.tar.gz -- nocgo openbsd_amd64_nocgo.tar.gz -- nocgo...

What flags do you have in mind? This is probably an issue with Go programs and not specific to acmetool.

That's two. Still, at some point LE will start stapling SCTs to OCSP responses (which can be stapled themselves): https://github.com/letsencrypt/boulder/issues/592 So I wonder about the utility of this.

Neat. I've added a mention to the user guide's third-party resources section.

@dlitz Created #136.

I was intending this just to do a self-test check, not against the ACME server. Maybe have a flag to test it with the server as well. I'm fine with...

Of course the expiry time/URL for the authorizations stored on disk should be updated when using server test mode.