A systemd-certd would actually kinda slap. One cert store to rule them all for clients, a way to define certs and specify where they're supposed to be placed with automatic reload using the systemd dependency solver, a way to mount certs into services privately, a unified interface for interacting with the cert store.

▲ nottorp a day ago | parent [-]

So ... not only would your system take ages to boot without the internets(tm) because that's how systemd works, it will be extended in the same spirit to not boot at all if letsencrypt is down.

Sounds enterprise.

Also, you people forgot that my proposal is to also fold the http server in, and ideally all the scripting languages and all of npm just in case.

	▲	Spivak 11 hours ago \| parent \| next [-]
		Well I mean if you configured your system in a manner that requires one of the wait-online services that's kinda on you. It's not required for anything by default. It would be the same for certd. If you configure your system to hold up booting waiting for a cert then that's your choice but there's plenty of ways to have it not.
	▲	throw_a_grenade a day ago \| parent \| prev [-]
		`ExecStart=/usr/bin/python3 -m http.server WorkingDirectory=/srv/www ?`