Conversation

Notices

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 00:40:59 JST Haelwenn /элвэн/ :triskell:
   I guess I might just switch away from acme-sh, way too portability-hacky for it's own good.
   
   Anyone got an ACME client which:
   - is Libre and packageable (so no Go unless very few deps, no npm, no Rust, …)
   - is free of GNUisms
   - doesn't requires root access
   - supports Elliptic Curves
   - supports DNS challenge for wildcards, with custom hooks to update challenge zones and DNS alias mode
   • Embed this notice
     nyanide :nyancat_rainbow::nyancat_body::nyancat_face: (nyanide@lab.nyanide.com)'s status on Wednesday, 29-Jan-2025 00:43:05 JST nyanide :nyancat_rainbow::nyancat_body::nyancat_face:

     in reply to
     @lanodan you'd be better off winning the lottery than finding an existing acme client that does all of this if i had to guess
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 00:44:14 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • nyanide :nyancat_rainbow::nyancat_body::nyancat_face:
     @nyanide Well I'm mostly asking so I don't needlessly write my own.
     nyanide :nyancat_rainbow::nyancat_body::nyancat_face: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 00:51:48 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Kody :pudding_verified:
     @kody Dehydrated depends on bash so it fails the GNUism part pretty hard.
   • Embed this notice
     Kody :pudding_verified: (kody@wubba.boo)'s status on Wednesday, 29-Jan-2025 00:51:49 JST Kody :pudding_verified:

     in reply to

     @lanodan@queer.hacktivis.me I use dehydrated.
     
     As a hook for DNS/Wildcards, I'm using this one with lexicon. Lexicon is in python, so either pip install, use one of the OS packages, or build it.

   • Embed this notice
     Lord (lord@pleroma.lord.re)'s status on Wednesday, 29-Jan-2025 01:10:55 JST Lord

     in reply to

     @lanodan Good old acme-client ? It dropped linux support years ago (that frees it of GNUisms ^__^)

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 01:28:31 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Lord
     @lord And IIRC it requires root access.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 01:31:50 JST Haelwenn /элвэн/ :triskell:

     in reply to
     I guess I might grab https://github.com/WolfWings/wdfcert.sh but (k)sh instead of bash.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 29-Jan-2025 01:39:24 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Ignas Kiela

     @ignaloidas True although looked at how to do plugins and… meh I don't want to have to filter out the bunch of pip/venv/… noise from the documentation when meanwhile it can just be dns_update_command domain [text]

   • Embed this notice
     Ignas Kiela (ignaloidas@not.acu.lt)'s status on Wednesday, 29-Jan-2025 01:39:26 JST Ignas Kiela

     in reply to

     @lanodan@queer.hacktivis.me FWIW this only fails the first part, but it's packaged for every distro on earth anyways so idk if a big minus on that

   • Embed this notice
     Ignas Kiela (ignaloidas@not.acu.lt)'s status on Wednesday, 29-Jan-2025 01:39:28 JST Ignas Kiela

     in reply to

     @lanodan@queer.hacktivis.me :trollface: certbot