search

jelastic-jps / lets-encrypt

Let’s Encrypt Add-on for Jelastic PaaS
Apache License 2.0
19 stars 45 forks source link

use certbot instead of letsencrypt-auto #9

Closed bubbl closed 7 years ago

bubbl commented 7 years ago

Why do you use why not use Letsencrypt github repo instead of CentOS native certbot package? 

Name        : certbot
Arch        : noarch
Version     : 0.9.3
Release     : 1.el7
Size        : 16 k
Repo        : epel/x86_64
Summary     : A free, automated certificate authority client
URL         : https://pypi.python.org/pypi/certbot
License     : ASL 2.0
Description : certbot is a free, automated certificate authority that aims
            : to lower the barriers to entry for encrypting all HTTP traffic on the internet.

Think it would be a better solution and less stuff would be unintentionally installed/upgraded as it is done now.

bubbl commented 7 years ago

by unintentional/unneeded upgrades I mean e.g. Apache update.

On Apache 2.2:

Feb 16 11:58:53 Installed: bc-1.06.95-1.el6.x86_64
Feb 16 11:58:53 Installed: epel-release-6-8.noarch
Feb 16 11:59:16 Updated: openssl-1.0.1e-48.el6_8.3.x86_64
Feb 16 11:59:18 Updated: python-libs-2.6.6-66.el6_8.x86_64
Feb 16 11:59:18 Updated: python-2.6.6-66.el6_8.x86_64
Feb 16 11:59:18 Installed: python-setuptools-0.6.10-3.el6.noarch
Feb 16 11:59:18 Installed: 1:tk-8.5.7-5.el6.x86_64
Feb 16 11:59:18 Installed: 1:tix-8.4.3-5.el6.x86_64
Feb 16 11:59:18 Installed: tkinter-2.6.6-66.el6_8.x86_64
Feb 16 11:59:19 Installed: python-devel-2.6.6-66.el6_8.x86_64
Feb 16 11:59:19 Updated: httpd-tools-2.2.15-56.el6.centos.3.x86_64
Feb 16 11:59:19 Updated: httpd-2.2.15-56.el6.centos.3.x86_64
Feb 16 11:59:19 Installed: libsepol-devel-2.0.41-4.el6.x86_64
Feb 16 11:59:19 Installed: libselinux-devel-2.0.94-7.el6.x86_64
Feb 16 11:59:19 Installed: zlib-devel-1.2.3-29.el6.x86_64
Feb 16 11:59:19 Installed: keyutils-libs-devel-1.4-5.el6.x86_64
Feb 16 11:59:19 Installed: krb5-devel-1.10.3-57.el6.x86_64
Feb 16 11:59:20 Installed: openssl-devel-1.0.1e-48.el6_8.3.x86_64
Feb 16 11:59:20 Updated: 1:mod_ssl-2.2.15-56.el6.centos.3.x86_64
Feb 16 11:59:20 Installed: python-virtualenv-1.10.1-1.el6.noarch
Feb 16 11:59:20 Installed: python-tools-2.6.6-66.el6_8.x86_64
Feb 16 11:59:20 Installed: python-pip-7.1.0-1.el6.noarch
Feb 16 11:59:21 Installed: augeas-libs-1.0.0-10.el6.x86_64
Feb 16 11:59:21 Installed: redhat-rpm-config-9.0.3-51.el6.centos.noarch
Feb 16 11:59:21 Installed: libffi-devel-3.0.5-3.2.el6.x86_64

On Apache 2.4:

Feb 16 13:25:56 Installed: bc-1.06.95-13.el7.x86_64
Feb 16 13:25:56 Installed: epel-release-7-9.noarch
Feb 16 13:26:25 Updated: zlib-1.2.7-17.el7.x86_64
Feb 16 13:26:25 Updated: libgcc-4.8.5-11.el7.x86_64
Feb 16 13:26:25 Installed: mpfr-3.1.1-4.el7.x86_64
Feb 16 13:26:26 Updated: libsepol-2.5-6.el7.x86_64
Feb 16 13:26:26 Updated: libselinux-2.5-6.el7.x86_64
Feb 16 13:26:26 Updated: systemd-libs-219-30.el7_3.6.x86_64
Feb 16 13:26:29 Updated: systemd-219-30.el7_3.6.x86_64
Feb 16 13:26:29 Installed: libmpc-1.0.1-3.el7.x86_64
Feb 16 13:26:30 Installed: 1:tk-8.5.13-6.el7.x86_64
Feb 16 13:26:30 Updated: libffi-3.0.13-18.el7.x86_64
Feb 16 13:26:30 Installed: 1:tix-8.4.3-12.el7.x86_64
Feb 16 13:26:32 Installed: cpp-4.8.5-11.el7.x86_64
Feb 16 13:26:32 Installed: libsepol-devel-2.5-6.el7.x86_64
Feb 16 13:26:32 Installed: zlib-devel-1.2.7-17.el7.x86_64
Feb 16 13:26:32 Updated: libgomp-4.8.5-11.el7.x86_64
Feb 16 13:26:32 Installed: pcre-devel-8.32-15.el7_2.1.x86_64
Feb 16 13:26:32 Installed: libselinux-devel-2.5-6.el7.x86_64
Feb 16 13:26:34 Updated: ca-certificates-2015.2.6-73.el7.noarch
Feb 16 13:26:34 Updated: 1:openssl-libs-1.0.1e-60.el7.x86_64
Feb 16 13:26:34 Updated: krb5-libs-1.14.1-27.el7_3.x86_64
Feb 16 13:26:36 Updated: python-libs-2.7.5-48.el7.x86_64
Feb 16 13:26:36 Updated: python-2.7.5-48.el7.x86_64
Feb 16 13:26:36 Installed: tkinter-2.7.5-48.el7.x86_64
Feb 16 13:26:36 Installed: python-backports-1.0-8.el7.x86_64
Feb 16 13:26:36 Installed: python-backports-ssl_match_hostname-3.4.0.2-4.el7.noarch
Feb 16 13:26:37 Installed: python-setuptools-0.9.8-4.el7.noarch
Feb 16 13:26:37 Installed: python-devel-2.7.5-48.el7.x86_64
Feb 16 13:26:37 Installed: libkadm5-1.14.1-27.el7_3.x86_64
Feb 16 13:26:37 Updated: 1:openssl-1.0.1e-60.el7.x86_64
Feb 16 13:26:37 Updated: httpd-tools-2.4.6-45.el7.centos.x86_64
Feb 16 13:26:38 Updated: httpd-2.4.6-45.el7.centos.x86_64
Feb 16 13:26:38 Installed: perl-srpm-macros-1-8.el7.noarch
Feb 16 13:26:38 Installed: dwz-0.11-3.el7.x86_64
Feb 16 13:26:38 Installed: libverto-devel-0.2.5-4.el7.x86_64
Feb 16 13:26:38 Installed: keyutils-libs-devel-1.5.8-3.el7.x86_64
Feb 16 13:26:38 Installed: krb5-devel-1.14.1-27.el7_3.x86_64
Feb 16 13:26:38 Installed: 1:openssl-devel-1.0.1e-60.el7.x86_64
Feb 16 13:26:38 Installed: redhat-rpm-config-9.1.0-72.el7.centos.noarch
Feb 16 13:26:38 Updated: mod_ldap-2.4.6-45.el7.centos.x86_64
Feb 16 13:26:39 Updated: 1:mod_ssl-2.4.6-45.el7.centos.x86_64
Feb 16 13:26:39 Installed: python-virtualenv-1.10.1-3.el7.noarch
Feb 16 13:26:39 Installed: python2-pip-8.1.2-5.el7.noarch
Feb 16 13:26:40 Installed: python-tools-2.7.5-48.el7.x86_64
Feb 16 13:26:40 Updated: systemd-sysv-219-30.el7_3.6.x86_64
Feb 16 13:26:43 Installed: gcc-4.8.5-11.el7.x86_64
Feb 16 13:26:43 Installed: libffi-devel-3.0.13-18.el7.x86_64
Feb 16 13:26:43 Updated: libselinux-utils-2.5-6.el7.x86_64
Feb 16 13:26:43 Installed: augeas-libs-1.4.0-2.el7.x86_64
ihorman commented 7 years ago

Hi Bart, the thing is we have various of containers running in production since 2011, installation of LE from github works for most of them, moreover the plan was to make this LE package compatible with any distribution, not only centos (for latest versions)

bubbl commented 7 years ago

I agree, when I started to modify the script I remembered there are dinosaurs that do not have certbot in repos...