letsencrypt VS JsonCpp

It's strange: SSL certificates (and maybe domain name registrations?) are one of the only "ticking time bomb" elements present in every modern web stack, whether a static site or not. By "ticking time bomb" I mean that there's a hard date N weeks/months from now where your site will definitely stop working, unless some external pile of dependencies work smoothly to extend that date.

Software didn't have that sort of "ticking time bomb" element before, I think?

I think I understand why it's necessary: we have a single, globally shared public namespace of domain names, which we accept will turn over their ownership over the long run, just like real estate changes hands. So we need expiration dates to invalidate "stale" records.

We've already switched over everything to Let's Encrypt. But I don't think anyone should be under the delusion that automation / ACME is failproof:

https://github.com/certbot/certbot/issues?q=is%3Aissue%20ren...

https://github.com/cert-manager/cert-manager/issues?q=is%3Ai...

https://github.com/caddyserver/caddy/issues?q=is%3Aissue%20A...

(These are generally not issues with the software per se, but misconfiguration, third-party DNS API weirdness, IPv6, rate limits, or other weird edge cases.)

Anyway, a gentle reminder that Let's Encrypt suggests monitoring your SSL certificates may be "helpful": https://letsencrypt.org/docs/monitoring-options/ (Full disclosure: I wrote the most recent addition to that list, with the "self-hosted scripts".)

Last I was concerned with, this was the situation:

https://github.com/certbot/certbot/issues/8345#issuecomment-...

That’s been three years though. The EFF/Certbot team has lost so much goodwill with me over that, I won’t go back.

Certbot 4 does too: https://github.com/certbot/certbot/releases

I don't understand the tone of aggression against ACME and their plethora of clients.

I know it isn't a skill issue because of who the author is. So I can only imagine it is some sort of personal opinion that they dislike ACME as a concept or the tooling around ACME in general.

We've been using LE for a while (since 2019 I think) for handful of sites, and the best nonsense client _for us_ was https://github.com/do-know/Crypt-LE/releases.

Then this year we've done another piece of work this time against the Sectigo ACME server and le64 wasn't quite good enough.

So we ended up trying:-

- https://github.com/certbot/certbot on GitHub Actions, it was fine but didn't quite like the locked down environment

- https://github.com/go-acme/lego huge binary, cli was interestingly designed and the maintainer was quite rude when raising an issue

- https://github.com/rmbolger/Posh-ACME our favourite, but we ended up going with certbot on GHA once we fixed the weird issues around permissions

This seems to be not implemented in certbot, yet: https://github.com/certbot/certbot/issues/6566

If you do go with NPM or Traefik, under the covers it's using certbot to request/renew your certificates through Let's Encrypt using the DNS-01 challenge, meaning you can get wildcard certs and don't have to futz around with port forwards. Again I'd think Caddy has similar functionality, I just have not used it personally. Raw NGINX you probably don't want to try out yet considering it requires manually doing the configs

certbot won't be missed. The code quality is pretty poor.

https://github.com/certbot/certbot/issues 5000 bugs and it most of it can be replaced by much smaller tools

Here’s a good code reference (Python and rust): https://github.com/certbot/certbot

I am trying to migrate off of Linux and back to FreeBSD, but I hit a problem today. The Let's Encrypt Certbot is not installing. A bit surprising, given how important it is. So I thought I would notify the community Here is my bug report. https://github.com/certbot/certbot/issues/9394

> I'm talking about wrapping jansson (a C library that handles JSON) so that it made sense in my C++ world and I could import JSON

Why not just use JsonCpp then?

https://github.com/open-source-parsers/jsoncpp

It's a native C++ parser which is mature, actively maintained, and likely safer than a low-level C parser implementing its own string buffers.

json cpp for json

And that lists https://github.com/open-source-parsers/jsoncpp as upstream, and I think the package's version number matches theirs.

include(FetchContent) FetchContent_Declare( JsonCpp GIT_REPOSITORY https://github.com/open-source-parsers/jsoncpp.git

I like https://github.com/open-source-parsers/jsoncpp

Or use a lib that you link to. I like jsoncpp. It's not tHe FaStEsT lib, but the api is clear and easy to use, and the integration has never been an issue either.