[Letsencrypt-devel] Bug#837308: letsencrypt.sh: version 0.3.0

Mattia Rizzolo mattia at debian.org
Sat Sep 10 12:32:15 UTC 2016


source: letsencrypt.sh
version: 0.2.0-4
severity: wishlist

Upstream added in v0.3.0 multi-account support.
Though in doing so it dropped support for ACCOUNT_KEY and
ACCOUNT_KEY_JSON variables, in favour of some mess.
See upstream commit 034ec30c7d3f098007ffee704b00cf2d3c9b78e9
https://anonscm.debian.org/git/letsencrypt/letsencrypt.sh.git/commit/?h=upstream/master&id=034ec30c7d3f098007ffee704b00cf2d3c9b78e9

I've yet to try it myself, but as I see it if users wants to keep their
account keys that are not set to the place where upstream would dream of
(${BASE_DIR}/private_key.pem), they need to move them themselves to the
final place.
Also doesn't help that:
 * the path is kinda unobvious: (in bash format)
     ${ACCOUNTDIR:${BASEDIR}/accounts}/$(echo ${CA} | urlbase64}/
   really, hashing $CA ?? Why I wonder…  Besides, `urlbase64` doesn't
   seem to be a thing in Debian (‽)
 * the filenames changed too:
     private_key.pem => account_key.pem
     private_key.json => registration_info.json
   and they are not configurable anymore


I know that the DSA (Debian System Administrators) use the ACCOUNT_KEY
setting for their letsencrypt.sh deployment¹, and where annoyed because
their usage was not covered in our upgrade path in the last "migration".
So, I'd love to see even a more nifty thing this time :)



¹ https://anonscm.debian.org/git/mirror/letsencrypt-domains.git/tree/config/letsencrypt-config
  though atm it still uses the old PRIVATE_KEY there.  I asked why,
  considering that at update time I received rants over IRC for that…

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/letsencrypt-devel/attachments/20160910/e59bbc97/attachment.sig>


More information about the Letsencrypt-devel mailing list