by roblabla 299 days ago
What's frankly ridiculous is that big software like Nginx and Apache doesn't deal with this on its own. I've been letting Caddy (my HTTP host of choice) deal with TLS for me for _ages_ now. I don't have to think about anything, I don't have to set up automation. I just... configure my Caddy to host my website on https://my.domain.com and it just fetches the TLS for me, renews it when necessary, and uses it as necessary.

You don't need to be a professional sysadmin to deal with this - so long as the software you use isn't ass. Nginx will _finally_ get this ability in the next release (and it'll still be more configuration than caddy, that just defaults to the sane thing)...

3 comments

Apache has had mod_md since 2018 https://httpd.apache.org/docs/2.4/mod/mod_md.html
I just can't come to terms with letting a public-facing web server write arbitrary data from the network to disk.
Are there any certain exploits you’re worried about?
Nginx just added support for ACME iirc.