
> I just got so sick of the constant pain of certificates.

I've honestly never had any sort of "constant pain" by using nginx and acme.sh. Certbot is an actual abomination.

I have a script just as a shortcut for these two commands:

    acme.sh --issue --dns dns_cf -d "$1" -d "*.$1"
    acme.sh --installcert -d "$1" -d "*.$1" --certpath "/foo/$1/cert" --keypath "/foo/$1/key" --fullchainpath "/foo/$1/fullchain" --reloadcmd "/usr/local/bin/docker-compose -f /foo/docker-compose.yml exec -T nginx nginx -s reload"

You just have to run those commands once per domain and it'll keep that wildcard certificate valid forever; acme.sh sets up a cronjob to renew the cert when needed and will automatically reload my nginx container after.
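
An added example, not the commenter's script: a wrapper around the two commands above that validates the domain argument before it reaches file paths and creates the key directory as owner-only. The `/foo` base path and reload command come from the comment; `CERT_BASE`, `ACME`, `RELOAD`, `valid_domain` and `issue_wildcard` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not the commenter's script). CERT_BASE and the reload command
# mirror the comment above; ACME, valid_domain and issue_wildcard are
# hypothetical names introduced here. Usage: issue_wildcard example.com
CERT_BASE="${CERT_BASE:-/foo}"
ACME="${ACME:-acme.sh}"
RELOAD="/usr/local/bin/docker-compose -f /foo/docker-compose.yml exec -T nginx nginx -s reload"

# Accept only a plain lowercase DNS name. The argument ends up in file paths
# and in "*.$1", so "/", "..", "*", whitespace and newlines must never pass.
valid_domain() {
    d="$1"
    [ "${#d}" -le 253 ] || return 1
    case "$d" in
        ''|*[!a-z0-9.-]*) return 1 ;;   # empty, or any character outside the set
    esac
    # Labels of 1-63 chars, no leading/trailing hyphen, alphabetic TLD.
    printf '%s\n' "$d" | LC_ALL=C grep -Eq \
        '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Issue and install a wildcard certificate for one validated domain.
issue_wildcard() {
    domain="$1"
    if ! valid_domain "$domain"; then
        echo "refusing invalid domain argument" >&2
        return 2
    fi
    dir="$CERT_BASE/$domain"
    # Create the target directory as 0700 so the private key is not
    # readable by other local users.
    ( umask 077 && mkdir -p "$dir" ) || return 1
    "$ACME" --issue --dns dns_cf -d "$domain" -d "*.$domain" || return 1
    "$ACME" --installcert -d "$domain" -d "*.$domain" \
        --certpath "$dir/cert" --keypath "$dir/key" \
        --fullchainpath "$dir/fullchain" --reloadcmd "$RELOAD"
}
```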


And if you use caddy you never need to know what any of that means, since caddy completely automates it. Maybe it's not a pain to you since you're used to it, but it's a major obstacle to most people looking to set up a website, particularly for the first time.

Even though I've set up nginx and certbot before, I'm happy I don't need to think about that stuff with caddy. Total waste of mental resources. I just want to get stuff on the Web.


I want more control over the cert request, however, and to use the certs for SMTPS, IMAPS, etc. But for simple HTTPS only, caddy is great.



