> I haven't seen anyone mention acme.sh yet--a shell script for
> letsencrypt with no external dependencies.
>
> https://github.com/Neilpang/acme.sh

No external dependencies, and no security foundations.

No privsep, no clear separation. Using pretty much every unsafe pattern tied to security holes in the past. Using the openssl command *GO READ THAT CODE SOMETIME*, don't go read the libressl one, go read upstream openssl command source.

No attempt at security. Just doing the job, and assuming every mistake later can be

It's like constructing jetliners from foundational components, and by that I mean sticks and stones.

I'm sorry, but I don't get it. It is crazy to recommend something that hasn't been STUDIED to ensure it dutifully tries to only perform the task and creates no new risk.