>I've recently learned about the acme.sh script for certificate
>management. It is a Unix shell script (I don't know if it has Bashisms
>though) for managing SSL certificate renewal.
>
>Do y'all think a similar script for execline + s6-networking is
>practical? Or is this something where a different language or tool
>would be preferable?
You can, obviously, do whatever you want.
However, the ACME protocol is relatively complex and implementing it
is easier with a programming language that has reasonably advanced
programming features - which execline is not. execline is a scripting
language made for gluing Unix programs together, and excels in simple
scripts, not in protocol implementations.
acme.sh is 8k LOC long. That it can exist at all is a feat. Writing
the equivalent in execline would be exceedingly difficult, and probably
very inefficient. And would definitely not work on systems that have
a small size limitation on argv+envp.
I personally use acme-client-portable, which is a port of OpenBSD's
acme-client, a pure C implementation:
https://git.wolfsden.cz/acme-client-portable
--
Laurent
Received on Fri Apr 04 2025 - 10:28:28 CEST