> On 2017/12/05 12:59, Tim Kuijsten wrote: > > I think it would be nicer if acme-client is able to start and stop httpd(8) > > itself with the config mentioned in acme-client(5) so users on > > non-webservers don't have to be bothered with setting up a web server > > themselves. > > That feels like a huge reach-around to me.. This seems like something > that is better handled by a few lines of shell script rather than > complicating acme-client.
I agree. That was also the initial design with substantial priv seperation. It shouldn't be designed to tap another process potentially running with a different uid.