Weblog

Sure would be nice if you provided a C/C++ version of the utility for Let's Encrypt. The PHP version requires installation of the PHP executable which I will not do for security reasons.

Chris, there's always the stock Let's Encrypt client. I'm pretty sure it can take care of all LE stuff, even with Hiawatha. I personally never understood why Hugo even wanted to have a full-block custom ACME client instead of just implementing a module for certbot (or even just using the webroot module and hooks).

All I can say is Hugo's implementation of the letsencrypt client written in PHP is much better than the official one. Been written in PHP doesn't makes it any less secure, but there are always people to complain.

I use the script, it is very useful to me, is compatible with Hiawatha's configuration and does not require the installation of cerbot.

I just updated my Lets Encrypt certificate using certbot, for the sixth iteration. So I am familiar with its use. The complication is in the further tasks of cat'ing the privkey.pem and fullchain.pem files into a single file, updating the live directory link, then restarting Hiawatha. Not big problems for a competent sysadmin. I do worry that a less competent person or novice user (i.e, my successor) will have trouble, causing server downtime. Yes, I have the process documented. I also use webmin for server administration and the same certificate is used there. The difference is in configuration where the privkey.pem and fullchain.pem files are accessed separately so the extra merge related steps are not needed.