From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: security/acme.sh: new port (version 3.0.9)
To: Landry Breuil <landry@openbsd.org>
Cc: "Kirill A. Korinsky" <kirill@korins.ky>, OpenBSD ports <ports@openbsd.org>
Date: Thu, 14 Nov 2024 14:27:58 +0000

On 2024/11/14 15:10, Landry Breuil wrote:
> On Thu, Nov 14, 2024 at 02:30:24PM +0100, Kirill A. Korinsky wrote:
> > ports@,
> > 
> > I'd like to import another ACME client: acme.sh, which is written as a shell
> > script (works on ksh) and supports a lot of DNS providers out of the box:
> > https://github.com/acmesh-official/acme.sh/tree/master/dnsapi
> > 
> > In ports we have uacme, which also supports the DNS-01 challenge, but it
> > requires development of a script to support DNS providers which quite
> > possibly are supported by acme.sh
> > 
> > Tested on -current/amd64 against ClouDNS. Works like a charm.
> > 
> > Feedback? Ok?

CONFIGURE_STYLE is unused as it's a NO_BUILD port, so better to
remove it.

(in general CONFIGURE_STYLE=none is not meaningful itself, it's
seen in a few ports but this is only a hack to work around a design
issue with python.port.mk).

> I'd just like to stress loudly that by default acme.sh uses zerossl and
> not letsencrypt CA, cf https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL
> dunno if that's better/worse but important to know imo.

Yes, I think I'd mention that in DESCR.

Personally I don't feel like supporting that CA - see the "CSR & Private
Key" section on https://zerossl.com/terms/ - presumably this just
applies to certs generated on their website, but still...

> I'm using acme.sh at work on debian against gandi API and dns-01 works
> fine.
> 
> Landry
>