Dehydrated: Letsencrypt/acme client implemented as a shell-script

1. dehydrated

   1 36 6,043 1.3 Shell

   letsencrypt/acme client implemented as a shell-script – just add water

   

   One of the biggest benefits of dehydrated is that it doesn't try to integrate with a DNS provider on its own. It just calls a hook, which can be implemented with a simple shell script[1]. The most popular third-party integration is lexicon[2], though you're not required to use Lexicon. (e.g. you're free to use awscli, gcloud, linode-cli, etc. to do the actual DNS record manipulation)

   This means its dependencies footprint is much smaller, and allows you to do things that can be a nightmare to configure with Certbot or other alternatives. For example, at one of the scenarios I had to set up was that we had to query a credential via HashiCorp Vault, which is then used to cURL into an API endpoint. The shell script in total was pretty short (< 100 LOC) and it worked extremely well.

   [1]: https://github.com/dehydrated-io/dehydrated/blob/master/docs...

   [2]: https://github.com/AnalogJ/lexicon

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. lego

   2 57 8,490 9.4 Go

   Let's Encrypt/ACME client and library written in Go

   

   Self contained but hardly a tiny supply chain attack surface: https://github.com/go-acme/lego/blob/master/go.sum

4. acme.sh

   3 287 42,526 9.4 Shell

   A pure Unix shell script implementing ACME client protocol

   

   A very relevant question. Acme.sh, a similar shell script ACME client, had a remote code execution problem last year.

   https://github.com/acmesh-official/acme.sh/issues/4668

5. lexicon

   4 17 1,509 8.0 Python

   Manipulate DNS records on various DNS providers in a standardized way.

   

   One of the biggest benefits of dehydrated is that it doesn't try to integrate with a DNS provider on its own. It just calls a hook, which can be implemented with a simple shell script[1]. The most popular third-party integration is lexicon[2], though you're not required to use Lexicon. (e.g. you're free to use awscli, gcloud, linode-cli, etc. to do the actual DNS record manipulation)

   This means its dependencies footprint is much smaller, and allows you to do things that can be a nightmare to configure with Certbot or other alternatives. For example, at one of the scenarios I had to set up was that we had to query a credential via HashiCorp Vault, which is then used to cURL into an API endpoint. The shell script in total was pretty short (< 100 LOC) and it worked extremely well.

   [1]: https://github.com/dehydrated-io/dehydrated/blob/master/docs...

   [2]: https://github.com/AnalogJ/lexicon

6. jq

   5 81 31,673 8.8 C

   Command-line JSON processor

   

7. uacme

   6 7 456 6.3 C

   ACMEv2 client written in plain C with minimal dependencies (by ndilieto)

   

Suggest a related project