What does HackerNews think of lego?

Let's Encrypt/ACME client and library written in Go

Language: Go

#13 in Security

Haven't used this myself, but I did find out about Lego (https://github.com/go-acme/lego) recently and used it to get a Let's Encrypt cert for a local network website I have using the DNS challenge. It was fairly straightforward,

  $ export NAMESILO_API_KEY=...
  $ export NAMESILO_POLLING_INTERVAL=10
  $ export NAMESILO_PROPAGATION_TIMEOUT=1800
  $ export NAMESILO_TTL=3600
  $ lego --email  --dns namesilo --domains *..com run

Super easy with the right DNS provider and something like go-acme/Lego. Add a cron job and done. Yeah, not zero effort but compared to early Let's Encrypt with HTTP-01 and such it's quite easy.

https://github.com/go-acme/lego

I too am moving away from acme.sh for the same reason. Dehydrated looks nice but I started using goacme.

https://github.com/go-acme/lego

I wasn't set on only bash though.

> You have the option to create a virtualenv and install it with pip, or snap, or use a docker image.

You could jump through all those silly hoops (most of which will be completely alien to people who are not Python devs) in order to use the "official" dependency-heavy Python client.

Or you could just use a single pre-compiled Go binary, LEGO [1].

I have been increasingly favouring Go recently because the functions delivered to the end-user are dependency free, you can just ship simple single binaries instead of having to say "oh you need Python X with this that and whatever other Python library under the kitchen sink installed on your system".

And that's before we start talking about conflicts that can occur between Python libraries... which, let's face it, will happen in an "average Joe" environment where Joe is just randomly using apt to install any Python dependencies.

[1] https://github.com/go-acme/lego

Cool! There's also certbot[0] and lego[1] which can do ACME-DNS with a range of providers besides CF. You could also do tls-alpn, which allows you to do the challenge encrypted on another port. Sounds like DNS works fine for you, but it's primarily worth considering for those issuing certs for non-public names that shouldn't be broadcasted via public DNS.

[0]: https://github.com/certbot/certbot

[1]: https://github.com/go-acme/lego

Hi there! I've created a small service to automatically update load-balancer certificates on Hetzner cloud using go-acme/lego [0] and joohoi/acme-dns [1]. They lack support for Let's Encrypt and this small service will update your certificates every two months. It's straightforward to install and used by Pirsch [2] in production.

Feedback welcome!

[0] https://github.com/go-acme/lego

[1] https://github.com/joohoi/acme-dns

[2] https://pirsch.io/

All of the DNS altering is performed automatically by lego [1] which has support for a large number of DNS providers.

[1] https://github.com/go-acme/lego

[2] https://go-acme.github.io/lego/dns/