Hi Peter,

On Tue, November 22, 2016 02:40, Peter Eckersley wrote:
> I'm an upstream developer for Certbot, previously known as the Let's
> Encrypt client (https://certbot.eff.org). Certbot is a flexible and very popular
> way to get certificates from Let's Encrypt;

Thanks a lot for your efforts. This is really useful indeed.

> The ACME protocol that it uses to talk to Let's Encrypt is also rapidly
> evolving through an IETF working group
> (https://datatracker.ietf.org/wg/acme/charter/), and the Let's Encrypt
> server-side codebase (https://github.com/letsencrypt/boulder) is
> currently working with an ACME backwards compatibility window of 6-12
> months, but probably not longer than that.

I'm a bit surprised by this policy. To my knowledge, concepts like
automation and "hassle-free" are central to the Let's Encrypt concept.
Obviously are online for more than a year, so installing Let's Encrypt
certificates on them is not quite automated or hassle-free if you need to
upgrade certbot several times during the projected lifetime of the server.

Is it really necessary to have such, in my opinion, really short API
lifetimes? Surely you want to extend and develop it, but this can be done
while keeping compatibility with existing clients in the field.

Cheers,
Thijs