Can free and open source software projects like Caddy and Traefik eventually replace EFF’s Certbot? Although Certbot continues to be developed, we think tools like these help offer a promising path forward in the further development of a secure and encrypted web. For some users, tools like these...
Certbot is so problematic we still pay for most of our certificates because it’s more reliable.
I’m not sure if Caddy/Traefik is the answer but it’s clear the work should be handed over to a team with a proper focus on reliability.
Can you elaborate on this reliability issue?
Certbot is supposed to automatically renew certificates. It doesn’t do that reliably in my experience.
We use it on non-critical systems and every few months I need to go in and fix things… that never happens with traditional certificates - those are setup and forget.
As for the exact problems, I don’t think we’ve ever had the same problem twice. It’s always a once off thing but it’s still an hour of wasted time each and every time. If it happened on a proper production system it’d be a lot more than an hour, since whatever change is made would need a full gamut of testing / reporting / etc.