• abhibeckert@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    4
    ·
    10 months ago

    Certbot is so problematic we still pay for most of our certificates because it’s more reliable.

    I’m not sure if Caddy/Traefik is the answer but it’s clear the work should be handed over to a team with a proper focus on reliability.

      • abhibeckert@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Certbot is supposed to automatically renew certificates. It doesn’t do that reliably in my experience.

        We use it on non-critical systems and every few months I need to go in and fix things… that never happens with traditional certificates - those are setup and forget.

        As for the exact problems, I don’t think we’ve ever had the same problem twice. It’s always a once off thing but it’s still an hour of wasted time each and every time. If it happened on a proper production system it’d be a lot more than an hour, since whatever change is made would need a full gamut of testing / reporting / etc.