• Justin@lemmy.jlh.name
      8 months ago

      Those look like some really cool options! I might end up using one of these for my environment.

      • naticus@lemmy.world
        8 months ago

        Can confirm that acme.sh is a great option. Way better support of many DNS APIs than Certbot, including easier setup of wildcard certificates. Personally moved to this when Certbot’s ability to do RFC2136 (dynamic DNS method that many DNS servers support) was seriously lacking, and never looked back.

    • BenPranklin@lemmy.world
      8 months ago

      Yeah man, that’s the point of the article. It’s asking the question “should everyone who isn’t using them already move to them”. It’s not saying everyone already does.

  • abhibeckert@lemmy.world
    8 months ago

    Certbot is so problematic we still pay for most of our certificates because it’s more reliable.

    I’m not sure if Caddy/Traefik is the answer but it’s clear the work should be handed over to a team with a proper focus on reliability.

      • abhibeckert@lemmy.world
        8 months ago

        Certbot is supposed to automatically renew certificates. It doesn’t do that reliably in my experience.

        We use it on non-critical systems and every few months I need to go in and fix things… that never happens with traditional certificates - those are set up and forget.

        As for the exact problems, I don’t think we’ve ever had the same problem twice. It’s always a once off thing but it’s still an hour of wasted time each and every time. If it happened on a proper production system it’d be a lot more than an hour, since whatever change is made would need a full gamut of testing / reporting / etc.