Giter Site home page Giter Site logo

acme-pki's Introduction

Acme/PKI

Tiny PKI based on Acme/client.

Licensed under AGPLv3+.

Usage

Registration

Usage: letsencrypt register <email>

Generate secret key

Usage: letsencrypt key <domain> [options]
	-r, --rsa [KEYSIZE]              RSA key, key size
	-e, --ecc [CURVE]                ECC key, curve

Generate a key (default is an EC secp384r1 key) in example.bar.foo.pem

letsencrypt key foo.bar.example

Default key is an EC secp384r1.

Generate certificate request

Usage: letsencrypt csr <domain> [options]
	-k, --key [KEYFILE]              Key file
	-d, --domains [DOMAINS]          Domains

Generate a certificate request in example.bar.foo.csr

letsencrypt csr foo.bar.example

If you have multiple domains

letsencrypt csr foo.example -d bar.example -d baz.example

Request certificate

Usage: letsencrypt crt <domain> [options]
	-c, --csr [CSR]                  CSR file

Request the corresponding certificate in example.bar.foo.crt

letsencrypt crt foo.bar.example

You can call directly the certificate issuance, CSR and key will be created when needed.

Renew certificate

Usage: letsencrypt renew <domain> [options]
	-c, --csr [CSR]                  CSR file

Renew the example.bar.foo.crt if needed (default is 30d before expiration).

letsencrypt renew foo.bar.example

If certificate was renewed, return code is 0 else 1, for post-action on crontab for example

#!/bin/bash
cd /etc/ssl/private

if letsencrypt renew foo.bar.example; then
	service apache2 reload
fi

Get information from key or certificate

letsencrypt info <domain> [options]
	-k, --key                        Key information
	-c, --crt                        Certificate information

Display various information (fingerprints, HPKP, TLSA…) for key or certificate.

letsencrypt info foo.bar.example
letsencrypt info -c foo.bar.example

Environment variables

You can define which ACME endpoint is used with ACME_ENDPOINT environment variable. Default is Let’s encrypt production endpoint (https://acme-v01.api.letsencrypt.org/). You can use Let’s encrypt staging endpoint (https://acme-staging.api.letsencrypt.org/) for testing.

Default account key is account.key in the current directory. You can specify another key file with ACME_ACCOUNT_KEY environment variable.

Default ACME challenge directory is acme-challenge in the current directory. You can change it with ACME_CHALLENGE environment variable.

acme-pki's People

Contributors

aeris avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.