[buug] letsencrypt

[Ian Zimmerman]

On 2017-05-02 14:42, Michael Paoli wrote:

> If you use certbot client (available in Debian backports & later),
> and use it in --manual mode, it gives you script bits you can
> use to fire up http listener under Python.

I installed the certbot package from jessie-backports.

Initial cert generation went perfectly,  but then the simulated renewal
with "certbot renew --dry-run" seems to be quite fragile due to fscked
DNS on their staging server.

Given that, I have to decide how often to run the cronjob with the real
renewal.  Do you (anyone reading this) know how close the cert must be
to expiration for certbot to try renewing it?

Thanks,
i

-- 
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign:
http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html