What does HackerNews think of dehydrated?

letsencrypt/acme client implemented as a shell-script – just add water

Language: Shell

#12 in Bash
#21 in Shell
Running one’s own root Certificate Authority in 2023 | Sep 2023
I've had a lot of success with https://github.com/dehydrated-io/dehydrated . It exposes the different parts of the process (deploy challenge to DNS, deploy cert to filesystem, etc) as hooks, so it's pretty easy to integrate with anything and however you want, if you don't mind writing a bit of bash. There's a few scripts out there that use Cloudflare that you can use as well.
Ubuntu 22.10 Kinetic Kudu | Oct 2022
Expand Context ↕
Fan of https://github.com/dehydrated-io/dehydrated
Google announced its free ACME server | Apr 2022
Expand Context ↕
The Let's Encrypt community also made some fun references to the Roadrunner cartoons in the early days.

(1) The reference implementation of the ACME server was originally going to be called Anvil, but was renamed to Boulder. (A later lightweight testing implementation is called Pebble.)

(2) A later ACME client was called "dehydrated", after, well, take a look: https://github.com/dehydrated-io/dehydrated

(3) I'm pretty sure I'm forgetting another roadrunner joke here somewhere
Does my site need HTTPS? | Feb 2022
Expand Context ↕
> The letsencrypt auto renewer is great until you run a version of linux unsupported.

Consider using an ACME client written in shell:

* https://github.com/dehydrated-io/dehydrated

* https://github.com/acmesh-official/acme.sh

There's a minor change for the pre/post-scripts to restart your web server, and telling the web server where "/.well-known/acme-challenge/" should be served from, e.g.,:

* https://salsa.debian.org/letsencrypt-team/dehydrated/-/blob/...

But otherwise I find there are a lot fewer moving parts (and dependencies) than ACME clients written in other languages.
Another free CA as an alternative to Let's Encrypt | Aug 2021
Expand Context ↕
+1 for dehydrated [1]. Aside from being able to run basically anywhere, it is very easy to script: Create a file with the list of domains you want, and run `dehydrated --cron`. dehydrated will obtain certs and/or modify existing and/or renew, or just do nothing.

Certbot is designed for interactive use: obtaining, changing and renewing certificates are all distinct commands, and if you tell it to obtain a cert you already have, it'll just obtain it anyway. Handling this from a script is a huge pain.

[1] https://github.com/dehydrated-io/dehydrated
Certbot deprecates operating system packages, “standardizes” on snaps | Jan 2021
Expand Context ↕
My favourite ACME client is dehydrated https://github.com/dehydrated-io/dehydrated
Letsencrypt, the Good, the Bad and the Ugly | Sep 2020
Expand Context ↕
Check out dehydrated:

* https://github.com/dehydrated-io/dehydrated

The hook.sh allows for a lot of flexibility.
Letsencrypt, the Good, the Bad and the Ugly | Sep 2020
See also:

* https://github.com/dehydrated-io/dehydrated

All you need is Bash/Zsh, OpenSSL, and cURL.

Letsencrypt, the Good, the Bad and the Ugly | Sep 2020
A few people have already suggested alternatives to certbot, so I thought I'd throw another suggestion into the mix: dehydrated (formerly known as letsencrypt.sh)

https://github.com/dehydrated-io/dehydrated

I've got only good things to say about it. It's a single shell script, making it super easy to install and start using. It's quite configurable, but has sensible defaults and just works without demanding much operator attention.