Hello, I wan’t to ask if anyone knows of a good alternative for certbot for acquiring ssl certificates for nginx.
Certbot isn’t good anymore for me since I started using crowdsec with nginx bouncer that uses lua block’s inside nginx config that cerbot can’t parse, making it not work anymore.
I use nginx because it’s the one I know the best and for my use case work’s the best. ( Hosting both program’s directly on metal and docker container’s )
@crony AFAIK https://github.com/go-acme/lego is quite good.
NixOS uses this, works well for me.
if you are open to learn something new: Caddy webserver has a dead simple config, fetches tls certs by default for you and works with crowdsec too
Caddy is fantastic, incredibly easy to configure and just works out of the box beautifully.
I’m open to using sothing like caddy or traefic, but my issue is I have a mix of packages hosted directly on system and in docker container’s and as such need to proxy them all.
That’s why I’m not using caddy or traefic.
Edit: rn my mix consists of about 16 diff containeraized stuff and another 4-5 not containerized stuff.
Edit2: Just now realized that they can be used on the host system’s also. Would you recommend traefic or caddy?
I’m using Caddy (sometimes in a container or most of the as system package) as reverse proxy mostly for containers
I try to minimize non-container services but they work well with Caddy tooTraefik is a tad more complex (still nowhere near Apache2 levels though) but scales more easily espcially if you only run containers and start/stop them programatically
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CA (SSL) Certificate Authority HTTP Hypertext Transfer Protocol, the Web SSL Secure Sockets Layer, for transparent encryption nginx Popular HTTP server
1 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #452 for this sub, first seen 24th Jan 2024, 12:25] [FAQ] [Full list] [Contact] [Source code]
Update: I have moved to caddy, planned a switch either way and this just pushed me to do it.
What CA are you getting your certificates from?
If Let’s Encrypt, have you checked their alternative methods to certbot?
Yea I’m using let’s encrypt. Juet wanted to hear opinions from people who are probably more experienced than me.
I’d say any project that’s decently maintained and satisfies your use case is probably good enough. I found this that from the sound of it fits your use case: https://github.com/fffonion/lua-resty-acme