If you want to be super minimal, I prefer acme.sh[1] instead. It even comes preconfigured for various DNS providers[2], and you can even create your own hook if there isn't already one[3].

[1] https://github.com/acmesh-official/acme.sh
[2] https://github.com/acmesh-official/acme.sh/wiki/dnsapi
[3] https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
I found this project while looking for a way to renew my SSL certificate without having to use certbot, which has a lot of dependencies, including Python. This program is really small and simple and does exactly what I need. It's perfect.
https://man.openbsd.org/acme-client.1 is similar. I'm not sure if it was ported to Linux.
One of the things I don't like about GitHub is that, while they do list languages used, they don't have a section for listing dependencies. Some (OK, many) projects don't list dependencies and assume we're all OK with so many that we don't deserve to know and are expected to just pipe a URL to a shell to install them all.

We need more projects like this, because many of us would like clean, reproducible environments that won't be in dependency hell every few years when an update to one dependency isn't compatible with updates to others.
Certificates seem to be lots of work and complexity, and lots of do-it-yourself. Couldn't that functionality come as part of the OS?

It is fundamental that computers should be able to know whom to trust and whom not.
Cool! I hadn't seen tls-alpn-01 for authentication before.

Instead of using the ualpn daemon to respond to the challenges and proxying all other connections through to nginx, would it be possible to do it solely in nginx?
Been using this script: https://github.com/srvrco/getssl
Security software written in C, with no unit tests. You cannot run away from this software fast enough. I cannot think of any worse idea than "I wrote my own base64 codec in bare C without tests and without code review". "Minimal dependencies" does not even begin to make up for how bad this idea is. It would be strongly preferable to depend on third-party code that has been reviewed, tested, and implemented in a reasonable language.