[Letsencrypt-devel] Certbot in Debian Stretch
Thijs Kinkhorst
thijs at debian.org
Wed Nov 23 08:57:19 UTC 2016
Hi Peter,
On Tue, November 22, 2016 02:40, Peter Eckersley wrote:
> I'm an upstream developer for Certbot, previously known as the Let's
> Encrypt client (https://certbot.eff.org). Certbot is a flexible and very
popular
> way to get certificates from Let's Encrypt;
Thanks a lot for your efforts. This is really useful indeed.
> The ACME protocol that it uses to talk to Let's Encrypt is also rapidly
> evolving through an IETF working group
> (https://datatracker.ietf.org/wg/acme/charter/), and the Let's Encrypt
> server-side codebase (https://github.com/letsencrypt/boulder) is
> currently working with an ACME backwards compatibilty window of 6-12
> months, but probably not longer than that.
I'm a bit surprised by this policy. To my knowledge, concepts like automation
and "hassle-free" are central to the Let's Encrypt concept. Obviously are
online for more than a year, so installing Let's Encrypt certificates on them
is not quite automated or hassle-free if you need to upgrade certbot several
times during the projected lifetime of the server.
Is it really necessary to have such, in my opinion, really short API
lifetimes?
Surely you want to extend and develop it, but this can be done while keeping
compatibility with existing clients in the field.
Cheers,
Thijs
More information about the Letsencrypt-devel
mailing list