Hello, I wan’t to ask if anyone knows of a good alternative for certbot for acquiring ssl certificates for nginx.

Certbot isn’t good anymore for me since I started using crowdsec with nginx bouncer that uses lua block’s inside nginx config that cerbot can’t parse, making it not work anymore.

I use nginx because it’s the one I know the best and for my use case work’s the best. ( Hosting both program’s directly on metal and docker container’s )

  • @EddyBot@feddit.de
    link
    fedilink
    English
    125 months ago

    if you are open to learn something new: Caddy webserver has a dead simple config, fetches tls certs by default for you and works with crowdsec too

      • CronyAkatsukiOPA
        link
        English
        15 months ago

        Do you have it on host or container. I’m thinking abour switching to caddy on my host and replacing nginx with it but just wan’t to hear your experience with it.

        • @Voroxpete@sh.itjust.works
          link
          fedilink
          English
          25 months ago

          I run it in its own separate VM. Normally I use containers for everything, but Caddy being the part that’s most on the outside of my network, as it were, I wanted to separate off.

    • CronyAkatsukiOPA
      link
      English
      1
      edit-2
      5 months ago

      I’m open to using sothing like caddy or traefic, but my issue is I have a mix of packages hosted directly on system and in docker container’s and as such need to proxy them all.

      That’s why I’m not using caddy or traefic.

      Edit: rn my mix consists of about 16 diff containeraized stuff and another 4-5 not containerized stuff.

      Edit2: Just now realized that they can be used on the host system’s also. Would you recommend traefic or caddy?

      • @joao@aussie.zone
        link
        fedilink
        English
        25 months ago

        If all was containerised, I’d recommend traefik for its impeccable container integration, but for a mix of bare metal and container services I’d go with Caddy.

      • @EddyBot@feddit.de
        link
        fedilink
        English
        2
        edit-2
        5 months ago

        I’m using Caddy (sometimes in a container or most of the time as system package) as reverse proxy mostly for containers
        I try to minimize non-container services but they work well with Caddy too

        Traefik is a tad more complex (still nowhere near Apache2 levels though) but scales more easily espcially if you only run containers and start/stop them programatically

  • CronyAkatsukiOPA
    link
    English
    75 months ago

    Update: I have moved to caddy, planned a switch either way and this just pushed me to do it.

  • @Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    5
    edit-2
    5 months ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CA (SSL) Certificate Authority
    DNS Domain Name Service/System
    HTTP Hypertext Transfer Protocol, the Web
    SSL Secure Sockets Layer, for transparent encryption
    nginx Popular HTTP server

    3 acronyms in this thread; the most compressed thread commented on today has 14 acronyms.

    [Thread #452 for this sub, first seen 24th Jan 2024, 12:25] [FAQ] [Full list] [Contact] [Source code]

    • CronyAkatsukiOPA
      link
      English
      15 months ago

      Requires me to add cname record’s, which beats the purpose of automation honestly. Will most likelly move to caddy.

  • Possibly linux
    link
    fedilink
    English
    3
    edit-2
    5 months ago

    You don’t need it to parse your config. Just set it to manual mode with a cron job. You can manually copy the certs with a short script.

    • CronyAkatsukiOPA
      link
      English
      15 months ago

      Hi already tried that, worked for one domain and then stopped working for every other domain.

        • CronyAkatsukiOPA
          link
          English
          15 months ago

          Yea, evem rn on the server I have about 13? or so domains, and still haven’t migrated all my services over.

  • @solrize@lemmy.world
    link
    fedilink
    English
    35 months ago

    I used dehydrated for a while. It’s a quite simple python script iirc. It’s on github someplace.

    If your domain registrar is porkbun and you use their DNS hosting, they can generate wildcard certificates for you. It is pretty convenient though a little bit scary, since they generate your key pair and retrieve the cert from letsencrypt. But, since they run your DNS, they could do almost the same thing without you even knowing.