do-know / Crypt-LE

Crypt::LE - Let's Encrypt / Buypass / ZeroSSL and other ACME-servers client and library in Perl for obtaining free SSL certificates (inc. generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, EAB (External Account Binding) supported, easily extended with plugins, easily dockerized.
https://Do-Know.com
Artistic License 2.0

Expert advice requested: automating upgrading #87

Open ArtHansen opened 1 year ago

ArtHansen commented 1 year ago

@Alexander Yezhov : This is a request for advice (LE64 is functioning flawlessly, thank you very much). I explored sending you a LinkedIn message but they seem to require upgrading to a premium account just to send a message …

I’m creating a desktop C# WinForms/SQLite/WinSCP app that is a GUI for your LE client. It started as an exercise to further my understanding of the C# language (I’m a novice) and to make my life easier. Then I decided to make it something that somebody else could use. 9 months and approx. 25,000 lines of code (and tons of rework) later and integration testing is nearly complete.

The facet I’m writing you about is keeping the LE32/64 client up-to-date once the app is on a user’s machine. The primary driver behind this requirement is “if/when Let’s Encrypt makes a fundamental change that necessitates an upgraded LE32/64 client”.

I can check the user’s OS architecture (32 or 64 bit) and programmatically download/unzip the appropriate client from do-know. The source URL, however, is hard-coded (which makes me uneasy but I’m not aware of an alternative) so at present: https://github.com/do-know/Crypt-LE/releases/download/0.39/le64.zip

In an attempt to automate the “updating/upgrading in perpetuity” I explored using C#’s GetDirectories/GetFiles capability but for web rather than desktop context. I can’t even get that to work for a hosted folder that I own so obviously a non-starter. An FTP approach is also a non-starter due to credential requirements.

The various workarounds I’m considering all require human intervention. Do you know how folks typically deal with this type of issue?

Thanx in advance for any help.

do-know commented 1 year ago

Hi. I believe the best way to follow the releases is to fetch https://github.com/do-know/Crypt-LE/releases/latest. This will redirect you to the latest release page tagged with a version that release is set with (such as https://github.com/do-know/Crypt-LE/releases/tag/0.39). You can then either extract the information from the page or simply take 0.39 (or whichever number that tag is set to) from the URL you are being redirected to, and, if that is higher than the current version, construct the download link as https://github.com/do-know/Crypt-LE/releases/download/{{version}}/le{{architecture}}.zip. Would that work for you?
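The check described in the reply above, as an added C# example that is not part of the thread or of Crypt-LE: it takes the URL that `releases/latest` redirected to, accepts it only if it is HTTPS on github.com under this repository's tag path with a tag made of dotted digits, and only then builds the download link. The class name `LeUpdateCheck`, the tag `0.40` and the sample URLs are constructed for illustration, and comparing tags as dotted integers is an assumption.

```csharp
using System;
using System.Linq;

static class LeUpdateCheck   // hypothetical helper, not part of Crypt-LE
{
    const string Repo = "https://github.com/do-know/Crypt-LE/releases/";
    const string TagPath = "/do-know/Crypt-LE/releases/tag/";

    // Return the tag from the redirect target, or null unless it is HTTPS on
    // github.com, under this repository's tag path, and made only of dotted digits.
    static string VersionFromRedirect(string location)
    {
        if (!Uri.TryCreate(location, UriKind.Absolute, out Uri u)) return null;
        if (u.Scheme != Uri.UriSchemeHttps || u.Host != "github.com") return null;
        if (!u.AbsolutePath.StartsWith(TagPath, StringComparison.Ordinal)) return null;
        string tag = u.AbsolutePath.Substring(TagPath.Length);
        string[] parts = tag.Split('.');
        bool strict = parts.Length >= 2 && parts.Length <= 4 &&
            parts.All(p => p.Length >= 1 && p.Length <= 5 && p.All(c => c >= '0' && c <= '9'));
        return strict ? tag : null;
    }

    // Assumption: tags compare as dotted integers (0.40 is newer than 0.39).
    static bool IsNewer(string candidate, string installed) =>
        Version.Parse(candidate) > Version.Parse(installed);

    // The strict tag check above is what makes this concatenation safe.
    static string DownloadUrl(string version, bool is64Bit) =>
        Repo + "download/" + version + "/le" + (is64Bit ? "64" : "32") + ".zip";

    static void Main()
    {
        string installed = "0.39";
        // Constructed redirect targets: one expected form, three that must be rejected.
        string[] samples = {
            "https://github.com/do-know/Crypt-LE/releases/tag/0.40",
            "http://github.com/do-know/Crypt-LE/releases/tag/0.40",
            "https://github.com.example.net/do-know/Crypt-LE/releases/tag/0.40",
            "https://github.com/do-know/Crypt-LE/releases/tag/0.40/../../evil",
        };
        foreach (string s in samples)
        {
            string v = VersionFromRedirect(s);
            if (v == null) Console.WriteLine("rejected: " + s);
            else if (!IsNewer(v, installed)) Console.WriteLine("up to date: " + v);
            else Console.WriteLine("update: " + DownloadUrl(v, Environment.Is64BitOperatingSystem));
        }
    }
}
```

In an application, the input to `VersionFromRedirect` is the final URL reported by the HTTP client after it follows the redirect from `releases/latest`.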

ArtHansen commented 1 year ago

WOW - thanx for the very prompt and unexpected response :-)

That certainly looks promising.

I'll give this a go and let you know ...

ArtHansen commented 1 year ago

That’s exactly what I was looking for – it is working great. Thanx again.

On an unrelated item I notice your latest release adds the “Asynchronous order finalization support.” functionality. Would this circumvent the LE “cannot finalize order” error that is simply a transitory timing issue? If so I’d like to incorporate it but I’m not seeing an example of how to trigger multiple attempts … is it a flag like --retry XX where XX is number of attempts and the LE server dictates retry timing?