Am 2020-12-08 08:41, schrieb Simon Walter:
> Other than a manual install, are there any alternatives? I am
> interested to hear how others are doing this.

Let's Encrypt has a list of various clients:
https://letsencrypt.org/docs/client-options/

I'm using one I've written myself (and haven't bothered adding to the
list yet): https://github.com/Daniel-Abrecht/DPA-ACME2
There currently only is a solver for dns-01 challenges for it, though.
And I should probably move the solver to another
project/repo & make some packages and such stuff.

It works pretty well overall, I didn't have any problems with it for a
long time anymore. But if you put it in a cron job,
make sure to set up mail notifications so you know when it fails. And
make sure not to use it around 0 UTC, the let's encrypt
servers tend to be overloaded and unreliable around that time.

I do think TLS is an awesome and important technology, but I do not like
having to rely on yet another authority (the other one being DNS
registrars)
to be able to operate a webpage and other services. This is why I have
also set up DANE. If some day, browsers start to finally support DANE,
or free certificates become unavailable, I will immediately switch to
self signed certificates (and keep DANE so they could still in theory
get automatically validated).

Regards,
Daniel Abrecht