aeris/acme-pki

Acme/PKI

Tiny PKI based on Acme/client.

Licensed under AGPLv3+.

Usage

Registration

Usage: letsencrypt register <email>

Generate secret key

Usage: letsencrypt key <domain> [options]
	-r, --rsa [KEYSIZE]              RSA key, key size
	-e, --ecc [CURVE]                ECC key, curve

Generate a key (default is an EC secp384r1 key) in example.bar.foo.pem

letsencrypt key foo.bar.example

The default key is an EC secp384r1 key.

Generate certificate request

Usage: letsencrypt csr <domain> [options]
	-k, --key [KEYFILE]              Key file
	-d, --domains [DOMAINS]          Domains

Generate a certificate request in example.bar.foo.csr

letsencrypt csr foo.bar.example

If you have multiple domains:

letsencrypt csr foo.example -d bar.example -d baz.example

Request certificate

Usage: letsencrypt crt <domain> [options]
	-c, --csr [CSR]                  CSR file

Request the corresponding certificate in example.bar.foo.crt

letsencrypt crt foo.bar.example

You can call certificate issuance directly; the CSR and key will be created when needed.

Renew certificate

Usage: letsencrypt renew <domain> [options]
	-c, --csr [CSR]                  CSR file

Renew example.bar.foo.crt if needed (by default, 30 days before expiration).

letsencrypt renew foo.bar.example

If the certificate was renewed, the return code is 0, otherwise 1, which lets you run a post-action from a crontab, for example:

#!/bin/bash
# Stop if the directory is missing, so renew never runs in the wrong place
cd /etc/ssl/private || exit 1

if letsencrypt renew foo.bar.example; then
	service apache2 reload
fi
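
The same exit-code convention extended to several domains, with a single reload at the end. This is an added example, not part of the project; `CERT_DIR`, `RENEW_CMD` and `RELOAD_CMD` are hypothetical variables introduced here so the logic can be exercised without the real tool, and the check that the reversed-name `.crt` file exists in the working directory is an assumption based on the file names shown above.

```shell
#!/bin/sh
# Added example (not from the project). CERT_DIR, RENEW_CMD and RELOAD_CMD are
# hypothetical variables, not options of the tool itself.
: "${CERT_DIR:=/etc/ssl/private}"
: "${RENEW_CMD:=letsencrypt renew}"
: "${RELOAD_CMD:=service apache2 reload}"

# foo.bar.example -> example.bar.foo, the file base name the README uses.
reversed_name() (
	set -f          # do not glob a label such as "*"
	IFS=.
	out=
	for label in $1; do
		out="$label${out:+.$out}"
	done
	printf '%s\n' "$out"
)

# Renew every domain given; print how many certificates were replaced.
renew_all() (
	umask 077       # new files in this directory default to owner-only
	cd "$CERT_DIR" || exit 2
	count=0
	for domain in "$@"; do
		# README: return code 0 means renewed, 1 means not renewed.
		if $RENEW_CMD "$domain" >&2; then
			crt="$(reversed_name "$domain").crt"
			if [ -s "$crt" ]; then
				count=$((count + 1))
			else
				echo "$domain: renewed but $crt is missing or empty" >&2
			fi
		fi
	done
	echo "$count"
)

# Reload the web server once, and only if something was renewed.
# Returns 0 after a reload, 1 if nothing was renewed, 2 if CERT_DIR is unusable.
renew_and_reload() {
	n=$(renew_all "$@") || return 2
	[ "$n" -gt 0 ] || return 1
	$RELOAD_CMD
}
```

Source the file from the cron script and call `renew_and_reload foo.bar.example bar.example`.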

Get information from key or certificate

Usage: letsencrypt info <domain> [options]
	-k, --key                        Key information
	-c, --crt                        Certificate information

Display various information (fingerprints, HPKP, TLSA…) for key or certificate.

letsencrypt info foo.bar.example
letsencrypt info -c foo.bar.example

Environment variables

You can define which ACME endpoint is used with the ACME_ENDPOINT environment variable. The default is the Let’s Encrypt production endpoint (https://acme-v01.api.letsencrypt.org/). You can use the Let’s Encrypt staging endpoint (https://acme-staging.api.letsencrypt.org/) for testing.

The default account key is account.key in the current directory. You can specify another key file with the ACME_ACCOUNT_KEY environment variable.

The default ACME challenge directory is acme-challenge in the current directory. You can change it with the ACME_CHALLENGE environment variable.
