# acme-client replacement



## SirDice (May 29, 2019)

As you may or may not know security/acme-client was removed recently, upstream stopped updating the code. I liked it, it had very little dependencies and I liked the scripts. It made integrating it really easy. 

What's a nice alternative for it?


----------



## trev (May 29, 2019)

I've been using security/acme.sh for the last year - no dependencies other than the shell


----------



## SirDice (May 29, 2019)

I like the "no dependencies". I'm always in favor of that. Will definitely check it out, but it looks like I'm going to need to rewrite/rebuild a few scrips in order to fit it in. I was kind of hoping for a "drop-in" replacement. 

My current set up checks if lagg(4) is MASTER, then runs the update scripts to update new/expired certificates. It then runs the deploy scripts to add the certificates to HAProxy and reloads it. Second phase is to rsync the certificates to the other node and reload HAProxy there too. I had to check for the lagg(4) status to prevent both nodes trying to update the certificates simultaneously. Now only the MASTER updates and deploys it to the BACKUP. The scripts themselves are the same on both hosts, whichever one is set to MASTER will take care of the updates.


----------



## ekingston (May 29, 2019)

I'm also using acme.sh and it works well. I did previously use acme-client but transitioned about a year ago.


----------



## SirDice (May 29, 2019)

ekingston said:


> I did previously use acme-client but transitioned about a year ago.


Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?


----------



## ekingston (May 29, 2019)

SirDice said:


> Speaking of which, can I reuse the account.key or should I just let it generate a new one? I probably need to move things around a bit but I assume I can get it to update my existing certificates?



I believe you can re-use the account key. I'm not 100% sure, I just started fresh when I switch.


----------



## CyberCr33p (May 30, 2019)

Few hours ago I rewrote all my scripts related to Let's Encrypt and switch to acme.sh

You can reuse the account key which allows 300 SSL / 3 hours instead of 10 SSL / 3 hours (because acme-client create a new account per SSL).


----------

