Still accurate ?

[Yamakasi]

Is this script still accurate ? It tries apt-get on CentOS, etc, certbot not found, fails on local DNS that is stopped, etc.

Also the wget bash does indeed not work.

Ideas/suggestions ?

[antevens]

Hi Yamakasi,

The yum/bash part is just a simple way to install, it tries the commands in order until one works, not ideal or pretty and could/should be replaced by something better.

We don't wget bash but rather use it to fetch files from the internet, it's assumed that bash and wget are already installed on the system, are both commands present on your system?

The scripts can't possibly work with a stopped DNS server, they depend on Let's Encrypt being able to use a running DNS server to validate the certs and those DNS servers being authoritative for the DNS domains for which you're getting certificates.

Hope that helps

Antonia

[Yamakasi]

Hi,

I agree with your opinions but should we not make this a little but more failsafe ? You don't want other DNS servers then your local one on IPA.

Cheers,

[antevens]

Thanks for your feedback, if people want to use Let's Encrypt with other DNS servers then I recommend looking at integrations for those specific DNS servers rather than the FreeIPA ones.

I'm happy to accept Pull Requests for a check to make sure the FreeIPA DNS servers are being used and to warn/exit but for now I'll add a note in the Readme.