[Cryptography] letsencrypt.org

[grarpamp]

> Note that this must run as root

Extremely unlikely. Things most think require uid=0, in fact do not.
Discover existing kernel / user facilities / tools, and design around it.

Also worth considering is investigating design and pre / post rooting
of your supposedly trusted stack... SW, SATA, USB, CPU, NIC...
#OpenFabs, #OpenHW, #OpenSW

>> [1] https://kristaps.bsd.lv/acme-client/