by zzzcpan 2335 days ago
> One thing I would love to see in the future is the addition of LetsEncrypt support for major web servers like Nginx and Apache. I think this could go a long way.

This is not as useful as you think. In nginx you only need a couple of extra lines of configuration to let an external program issue and renew certificates independently from nginx, without reloads, etc. Definitely not worth developing a C nginx module that starts a helper process that does that just so that a few people who run nginx on a single server could get their certificates issued with only one line of configuration.

2 comments

You still need to reload nginx for it to start using the new certificates. But you're right about issuing/renewing certificates. I have a small snippet like this in all my server blocks:

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/letsencrypt;
  }

And to issue a cert (and automatically renew in the future) all I need is:

  acme.sh --issue -w /var/www/letsencrypt/ -d example.com --reloadcmd "service nginx reload"

Although recently I've been using the Cloudflare DNS option also offered by acme.sh instead of webroot mode. It doesn't make any difference in my issue workflow because the domains are already on CF DNS anyways, but it's required for wildcard certs.

I definitely agree in not seeing the added value of an nginx module over my current solution.
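An added check for the reload caveat raised in this comment (this is example code, not the commenter's snippet and not part of acme.sh): it compares the SHA-256 fingerprint of the leaf certificate on disk with the certificate nginx actually presents, so a renewal that was written to disk but never loaded (a forgotten or failed `--reloadcmd`) shows up as a mismatch. The host name, port and certificate path are assumptions; the two PEM blocks are constructed samples with dummy payloads, not real certificates.

```python
import hashlib
import socket
import ssl
import sys

PEM_END = "-----END CERTIFICATE-----"

# Constructed sample PEM blocks (dummy base64 payloads, not real certificates).
SAMPLE_NEW_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "Y29uc3RydWN0ZWQ=\n"
    "-----END CERTIFICATE-----\n"
)
SAMPLE_OLD_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "c3RhbGU=\n"
    "-----END CERTIFICATE-----\n"
)


def first_pem_block(text: str) -> str:
    """Return the first certificate block of a PEM file.

    acme.sh writes a fullchain file (leaf first, then intermediates); only the
    leaf is compared, because that is the certificate the server presents.
    """
    head, sep, _rest = text.partition(PEM_END)
    if not sep:
        raise ValueError("no PEM certificate found")
    return head.lstrip() + sep + "\n"


def pem_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (hex) of the DER encoding of the first PEM block."""
    der = ssl.PEM_cert_to_DER_cert(first_pem_block(pem))
    return hashlib.sha256(der).hexdigest()


def cert_matches(disk_pem: str, served_pem: str) -> bool:
    """True when the on-disk leaf and the served leaf are the same certificate."""
    return pem_fingerprint(disk_pem) == pem_fingerprint(served_pem)


def served_certificate(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fetch the leaf certificate the server presents for `host` (as PEM).

    Verification is left on so a broken chain is also reported, and SNI is set
    so the right server block answers on a multi-domain nginx.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


def check_reloaded(host: str, cert_path: str, port: int = 443) -> bool:
    """Return True if nginx serves the certificate currently stored at cert_path."""
    with open(cert_path, encoding="ascii") as f:
        disk_pem = f.read()
    return cert_matches(disk_pem, served_certificate(host, port))


if __name__ == "__main__":
    # Usage (assumed paths/host): python3 check_reload.py example.com /etc/nginx/ssl/example.com/fullchain.cer
    host_arg, path_arg = sys.argv[1], sys.argv[2]
    if check_reloaded(host_arg, path_arg):
        print("OK: served certificate matches the one on disk")
    else:
        print("STALE: certificate on disk was renewed but nginx still serves the old one")
        sys.exit(1)
```

Run it from cron a few minutes after the renewal window; a non-zero exit is the signal that the reload hook did not take effect, which is exactly the failure the `--reloadcmd` argument above is meant to prevent.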

Since version 1.16 certificates can be dynamic, no need for reload.

Oh, I hadn't known this. I know the configs for Nginx are rather powerful, but didn't realize they were this good. Maybe alternatively somebody could make a web UI to make managing this sort of thing for Nginx simple. Most neckbeards will rage about that, but they don't have to use it.