Maintained port of openbsd's acme-client
Latest commit e528b3b Jul 13, 2019
Type Name Latest commit message Commit time
CVS Update from openbsd (2019-13-07 12:41:40 UTC) Jul 13, 2019
confs Port of acme-client to linux Jul 8, 2019
m4 Add autotools based build system Jul 8, 2019
scripts Improve update script Jul 8, 2019
.gitignore
Makefile.am Fix build from tarball Jul 9, 2019
NEWS Release 0.2.2 Jul 13, 2019
README Port of acme-client to linux Jul 8, 2019
acctproc.c Port of acme-client to linux Jul 8, 2019
acme-client.1 Update from openbsd (2019-06-07 00:39:47 UTC) Jul 6, 2019
acme-client.conf.5 Update from openbsd (2019-06-07 00:39:47 UTC) Jul 6, 2019
base64.c
certproc.c Port of acme-client to linux Jul 8, 2019
chngproc.c Port of acme-client to linux Jul 8, 2019
compat.c Port of acme-client to linux Jul 8, 2019
compat.h Port of acme-client to linux Jul 8, 2019
configure.ac
dbg.c Add autotools based build system Jul 8, 2019
dnsproc.c Port of acme-client to linux Jul 8, 2019
extern.h Port of acme-client to linux Jul 8, 2019
fileproc.c Port of acme-client to linux Jul 8, 2019
http.c Provide User-Agent header Jul 13, 2019
http.h Update from openbsd (2019-06-07 00:39:47 UTC) Jul 6, 2019
jsmn.c Initial import from openbsd tree Feb 28, 2019
jsmn.h
json.c Port of acme-client to linux Jul 8, 2019
key.c Port of acme-client to linux Jul 8, 2019
key.h Update from openbsd (2019-06-07 00:39:47 UTC) Jul 6, 2019
keyproc.c Port of acme-client to linux Jul 8, 2019
main.c Port of acme-client to linux Jul 8, 2019
netproc.c Port of acme-client to linux Jul 8, 2019
parse.h
parse.y Port of acme-client to linux Jul 8, 2019
revokeproc.c Port of acme-client to linux Jul 8, 2019
util.c Add autotools based build system Jul 8, 2019

README

ACME-CLIENT(1)            BSD General Commands Manual           ACME-CLIENT(1)

NAME
     acme-client — ACME client

SYNOPSIS
     acme-client [-Fnrv] [-f configfile] domain

DESCRIPTION
     acme-client is an Automatic Certificate Management Environment (ACME)
     client: it looks in its configuration for a domain section corresponding
     to the domain given as command line argument and uses that configuration
     to retrieve an X.509 certificate which can be used to provide domain name
     validation (i.e. prove that the domain is who it says it is).  The
     certificates are typically used to provide HTTPS for web servers, but
     can be used in any situation where domain name validation is required
     (such as mail servers).

     If the certificate already exists and is less than 30 days from expiry,
     acme-client attempts to renew the certificate.

     In order to prove that the client has access to the domain, a challenge
     is issued by the signing authority.  acme-client implements the “http-01”
     challenge type, where a file is created within a directory accessible by
     a locally run web server.  The default challenge directory /var/www/acme
     can be served by httpd(8) with this location block, which will properly
     map response challenges:

           location "/.well-known/acme-challenge/*" {
                   root "/acme"
                   request strip 2
           }

     The options are as follows:

     -F      Force certificate renewal, even if it's too soon.

     -f configfile
             Specify an alternative configuration file.

     -n      No operation: check and print configuration.

     -r      Revoke the X.509 certificate.

     -v      Verbose operation.  Specify twice to also trace communication and
             data transfers.

     domain  The domain name.

FILES
     /etc/acme              Private keys for acme-client.
     /etc/acme-client.conf  Default configuration.
     /var/www/acme          Default challengedir.

EXIT STATUS
     acme-client returns 0 if certificates were changed (revoked or updated),
     1 on failure, or 2 if the certificates didn't change (up to date).

EXAMPLES
     Example configuration files for acme-client and httpd(8) are provided in
     /etc/examples/acme-client.conf and /etc/examples/httpd.conf.

     To generate a certificate for example.com and use it to provide HTTPS,
     create acme-client.conf and httpd.conf and run:

           # acme-client -v example.com && rcctl reload httpd

     A cron(8) job can renew the certificate as necessary.  On renewal,
     httpd(8) is reloaded:

           0       *       *       *       *       sleep $((RANDOM \% 2048)) && \
                   acme-client example.com && rcctl reload httpd
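
     The cron entry above reloads the server only on exit status 0, but the
     command line itself does not distinguish status 1 (failure) from status
     2 (up to date).  The wrapper below is an added example, not part of
     acme-client or its manual; the ACME_CLIENT and RELOAD_CMD variables and
     the renew_domain function are names assumed here.

```shell
#!/bin/sh
# Added example: cron wrapper that acts on acme-client's documented exit
# status (0 = certificates changed, 1 = failure, 2 = unchanged).
# ACME_CLIENT and RELOAD_CMD are assumptions of this example; override
# them for the local system (a Linux host has no rcctl, for instance).
ACME_CLIENT=${ACME_CLIENT:-acme-client}
RELOAD_CMD=${RELOAD_CMD:-rcctl reload httpd}

# renew_domain DOMAIN
# Returns 0 when nothing needs attention (renewed and reloaded, or still
# up to date) and 1 when an operator should look at the host.
renew_domain() {
	domain=$1
	st=0
	$ACME_CLIENT "$domain" || st=$?
	case $st in
	0)	# certificate changed: the server must pick up the new file
		if $RELOAD_CMD; then
			echo "acme-client: $domain renewed, server reloaded"
			return 0
		fi
		echo "acme-client: $domain renewed but reload failed" >&2
		return 1 ;;
	2)	# up to date: no reload, no output, so cron sends no mail
		return 0 ;;
	*)	# 1 or anything unexpected: report it on stderr
		echo "acme-client: $domain renewal FAILED (exit $st)" >&2
		return 1 ;;
	esac
}

# Run only when a domain is given, so the file can also be sourced.
if [ $# -gt 0 ]; then
	renew_domain "$1"
fi
```

     Called from cron as the script with the domain as its only argument, it
     produces output (and therefore cron mail) only when a certificate was
     renewed or something went wrong.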

SEE ALSO
     openssl(1), acme-client.conf(5), httpd.conf(5)

STANDARDS
     R. Barnes, J. Hoffman-Andrews, D. McCarney, and J. Kasten, Automatic
     Certificate Management Environment (ACME), RFC 8555, March 2019.

HISTORY
     The acme-client utility first appeared in OpenBSD 6.1.

AUTHORS
     The acme-client utility was written by Kristaps Dzonsons
     <kristaps@bsd.lv>.

BSD                              June 15, 2019                             BSD