All of the LetsEncrypt automation with the new API seems to leave the control panel username and password in a file under the account home directory somewhere, for the API to use it when updating the certificate. That makes me nervous, since the password is the key to everything in my account.
Is there any alternative, other than I guess having my automation continue to email support tickets?
If not, is there anything planned that I've missed the annoucement of, maybe like letting shell users or some other limited account log in via the API and be restricted to only the "update certificate" API call?
asked 30 Jan, 18:31
There's no alternative at this time.
We're hoping to implement some form of token authentication for API scripts at some point, but there's no ETA for it.
answered 30 Jan, 18:41