{"id":13566767,"url":"https://github.com/do-know/Crypt-LE","last_synced_at":"2025-04-04T00:32:12.151Z","repository":{"id":40414500,"uuid":"54834734","full_name":"do-know/Crypt-LE","owner":"do-know","description":"Crypt::LE - Let's Encrypt / Buypass / ZeroSSL and other ACME-servers client and library in Perl for obtaining free SSL certificates (inc. generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, EAB (External Account Binding) supported, easily extended with plugins, easily dockerized.","archived":false,"fork":false,"pushed_at":"2024-06-01T16:55:27.000Z","size":378,"stargazers_count":358,"open_issues_count":18,"forks_count":61,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-03-29T22:09:44.822Z","etag":null,"topics":["acme","acme-client","acme-v2","certificate","crypt","crypt-le","dns","docker","docker-ssl","ecc","ecdsa","free-ssl-certificates","https","perl","pfx","rsa","security","ssl","windows-ssl","zerossl"],"latest_commit_sha":null,"homepage":"https://Do-Know.com","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"artistic-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/do-know.png","metadata":{"files":{"readme":"README","changelog":"Changes","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-27T15:24:16.000Z","updated_at":"2025-03-14T11:48:10.000Z","dependencies_parsed_at":"2022-08-19T08:11:12.880Z","dependency_job_id":"7d2ec964-9262-4a74-9798-3d5f4a6f9cfc","html_url":"https://github.com/do-know/Crypt-LE","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/do-know%2FCrypt-LE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-know%2FCrypt-LE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-know%2FCrypt-LE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/do-know%2FCrypt-LE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/do-know","download_url":"https://codeload.github.com/do-know/Crypt-LE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247103290,"owners_count":20884023,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-client","acme-v2","certificate","crypt","crypt-le","dns","docker","docker-ssl","ecc","ecdsa","free-ssl-certificates","https","perl","pfx","rsa","security","ssl","windows-ssl","zerossl"],"created_at":"2024-08-01T13:02:16.348Z","updated_at":"2025-04-04T00:32:11.894Z","avatar_url":"https://github.com/do-know.png","language":"Perl","funding_links":[],"categories":["Perl"],"sub_categories":[],"readme":"Crypt-LE\n\nThe Crypt::LE module provides the functionality necessary to use the API of Let's Encrypt API and other ACME-compatible\nCAs, and to generate free SSL certificates for your domains. It can also be used to generate private RSA and ECC keys or\nCertificate Signing Requests without resorting to openssl command line.\n\n\nCOMPATIBILITY\n\nThe code has been successfully tested on more than 500 combinations of OS and Perl versions. It should install\nand run fine on Linux, FreeBSD, NetBSD, etc. 
It also works on Mac OS X and Windows (tested with ActiveState and\nStrawberry Perl).\n\nIn addition, if you are able to run docker containers, you can pull the latest client image from\nhttps://hub.docker.com/r/zerossl/client/. The Docker image is lightweight and the client is run as a non-privileged\nuser in a container.\n\n\nREQUIREMENTS\n\nLINUX: There are just 3 essential things which should be in place for the package to be successfully installed:\n\"gcc\", \"make\" and the SSL development package. The SSL development package name differs depending on \nLinux distribution and it can be either \"libssl-dev\" or \"openssl-devel\". \n\nWINDOWS: There are no requirements if Strawberry Perl is used. For ActiveState Perl you may need to install CPANminus\nfirst (business license users of ActiveState have direct access to Crypt::LE ppm).\n\nWINDOWS BINARIES: You can also use Windows binaries available at https://github.com/do-know/Crypt-LE/releases - those\nrequire no installation and are available for both 32bit and 64bit environments.\n\n\nINSTALLATION\n\nThe installation is quite easy and straightforward. The provided client does not need any specific privileges (certainly\ndoes not need to be run as root or any privileged user). Keep in mind that the client functionality can be extended\nwith plugins, so make sure you have read the \"Plugins\" section and especially \"Plugins in multiuser environment\" notes.\n\n- With CPANminus\n\n  cpanm Crypt::LE\n\n- With CPAN\n\n  cpan -i Crypt::LE\n\n- Manual installation:\n\n  perl Makefile.PL\n  make\n  make test\n  make install\n\n- Windows installation (with Strawberry Perl)\n\n  cpanm -f Log::Log4perl\n  cpanm Crypt::LE\n\nNote: On Windows, the current version of the logging module needs to be installed with the -f flag first if Strawberry Perl is used.\n\n\nCLIENT\n\nCrypt::LE is shipped with a self-sufficient client for obtaining SSL certificates - le.pl. 
Run it without parameters to see how it is used.\nThe client supports 'http' and 'dns' challenges out of the box.\n\nUsage example: le.pl --key account.key --csr domain.csr --csr-key domain.key --crt domain.crt --domains \"www.domain.ext,domain.ext\" --generate-missing\n\nThat will generate an account key and a CSR if they are missing. If any of those files exists, they will just be loaded, so it is safe to re-run\nthe client.\n\nNote: If you would like to receive expiration notifications for your domain, you can specify the --email parameter and an appropriate email address\nduring the initial registration of the account. Later, should you want to change your email or specify more than one, you can use the --update-contacts\nparameter to update your contact information.\n\nFor example: le.pl --key account.key --update-contacts \"one@email.address, another@email.address\" --live\n\nTo reset your contact details, please specify \"none\" as a value, as follows: le.pl --key account.key --update-contacts \"none\" --live\n\n\nWILDCARD CERTIFICATES SUPPORT\n\nTo issue a wildcard certificate, use DNS verification and specify the domain in the following format: *.some.domain\n\nFor example: le.pl ... --domains \"*.some.domain\" --handle-as dns\n\nPlease note that at the moment wildcards are only supported by v2.0 of the API and they can only be issued if DNS verification is used.\n\n\nPFX/P12 SUPPORT\n\nWindows binaries include export functions into PFX/P12 format, which is normally required by IIS. The export (in addition to saving certificates in\nPEM format) can be activated by specifying a PFX password with the '--export-pfx' option.\n\n\nIDN (INTERNATIONALIZED DOMAIN NAMES) SUPPORT\n\nIf you are using IDN (Internationalized Domain Names) and generating a certificate for those, you can either encode those into \"punycode\" form by yourself,\nor let the client do that for you. 
Please note that for the conversion to work properly you need to have correct locale settings on your system. For\nLinux-based systems you can check that with the \"locale\" command; for Windows make sure that \"System locale\" in the Control Panel is set correctly.\n\nEAB (EXTERNAL ACCOUNT BINDING) SUPPORT\n\nSome ACME-compatible Certificate Authorities manage their accounts differently from how ACME accounts are normally created, but link those to an ACME\naccount through so-called External Account Binding. In essence, you would need to get 2 additional parameters from those CAs and use those on the command\nline. Those parameters are the \"Key ID\" ('eab-kid') and \"HMAC Key\" ('eab-hmac-key').\n\nPlease note that the same EAB credentials, depending on the CA, might be allowed to be used for multiple ACME accounts or just one.\n\nPLUGINS\n\nBoth the library and the client can be easily extended with custom plugins to handle Let's Encrypt challenges (both pre- and post-verification). See\nCrypt::LE::Challenge::Simple module as an example of such a plugin. The client application can also be easily extended with modules handling process\ncompletion. 
See Crypt::LE::Complete::Simple module as an example of such a plugin.\n\nClient options related to plugins are:\n\n --handle-with\n --handle-params\n --handle-as\n --complete-with\n --complete-params\n\nPlease note that parameters for --handle-params and --complete-params are expected to be valid JSON documents or to point to files containing valid\nJSON documents (the latter is a preferable method).\n\nExample of running the client with plugins (you can modify the source code of the provided Crypt::LE::Challenge::Simple and Crypt::LE::Complete::Simple):\n\n    le.pl --key account.key --email \"my@email.address\" --csr domain.csr --csr-key domain.key --crt domain.crt --domains \"www.domain.ext,domain.ext\" \\\n--generate-missing --handle-with Crypt::LE::Challenge::Simple --complete-with Crypt::LE::Complete::Simple\n\nNote: you can use the same plugin to cover both the challenge/verification and the completion process, as long as it has appropriately named methods defined.\nYou can also point directly to a Perl module file rather than specify a name of the module.\n\nThis will work even on Windows, without any need to install anything - having just the binary file of the client and the plugin file is sufficient.\n\nFor example, if you have your le64.exe client and then created or downloaded the plugin code into the same directory, you can use it like this:\n\n    le64.exe -key account.key -domains test.com -csr test.csr -csr-key test.key -crt test.crt -generate-missing -handle-with DNS.pm -handle-as dns\n\nSee https://github.com/do-know/Crypt-LE/blob/master/Plugins/DNS.pm as an example of such a \"combined\" plugin.\n\nAll command line parameters are passed to the methods of the plugin, along with the information about the challenge requirements and the verification results.\nFor example, if you have defined a handle_challenge_dns method, it will receive the challenge data and the parameters data. 
The challenge data will contain\nall the necessary details, including \"domain\", \"host\" and \"record\" values. In this case the \"host\" would be the same as the \"domain\", except with the wildcard\npart removed (if it was present). To illustrate:\n\n- If the \"domain\" is test.com, then the \"host\" is test.com;\n- If the \"domain\" is \"*.test.com\", then the \"host\" is test.com;\n\nSo you would need to set the _acme-challenge record in your \"host\" zone with the value of the \"record\".\n\nIn a similar way, for the HTTP verification, the method handle_challenge_http would have access to \"file\", which contains the name of the file to be created,\nand the \"text\", which contains the content of that file.\n\n#### Plugins in multiuser environment ####\n\nIt is important to remember that the client code allows plugins to be used. While this makes the client rather flexible in terms of possible automation,\nit should be kept in mind that you should not be running it as a privileged user (and you do not need to), especially in a multiuser environment.\nAs with any other application that can extend the functionality either by plugins or by executing some commands/hooks, it is never a good idea to make it\nwritable by anyone else or make it run with the privileges it does not actually need. 
You can almost always achieve the results you need without resorting\nto making your application (or the script that runs it) run as root or a privileged user - for example, to allow reloading the web server on completion\nyou can just configure sudo to allow that reload to a specific user, etc.\n\n\nSUPPORT AND DOCUMENTATION\n\nAfter installing, you can find documentation for this module with the\nperldoc command.\n\n    perldoc Crypt::LE\n\nYou can also look for information at:\n\n    RT, CPAN's request tracker (report bugs here)\n        http://rt.cpan.org/NoAuth/Bugs.html?Dist=Crypt-LE\n\n    AnnoCPAN, Annotated CPAN documentation\n        http://annocpan.org/dist/Crypt-LE\n\n    CPAN Ratings\n        http://cpanratings.perl.org/d/Crypt-LE\n\n    Search CPAN\n        http://search.cpan.org/dist/Crypt-LE/\n\nFor feedback or custom development requests see:\n\n    Project homepage\n        https://Do-Know.com\n\n\nLICENSE AND COPYRIGHT\n\nCopyright (C) 2016-2023 Alexander Yezhov\n\nThis program is free software; you can redistribute it and/or modify it\nunder the terms of the Artistic License (2.0). You may obtain a\ncopy of the full license at:\n\nL\u003chttp://www.perlfoundation.org/artistic_license_2_0\u003e\n\nAny use, modification, and distribution of the Standard or Modified\nVersions is governed by this Artistic License. By using, modifying or\ndistributing the Package, you accept this license. 
Do not use, modify,\nor distribute the Package, if you do not accept this license.\n\nIf your Modified Version has been derived from a Modified Version made\nby someone other than you, you are nevertheless required to ensure that\nyour Modified Version complies with the requirements of this license.\n\nThis license does not grant you the right to use any trademark, service\nmark, tradename, or logo of the Copyright Holder.\n\nThis license includes the non-exclusive, worldwide, free-of-charge\npatent license to make, have made, use, offer to sell, sell, import and\notherwise transfer the Package with respect to any patent claims\nlicensable by the Copyright Holder that are necessarily infringed by the\nPackage. If you institute patent litigation (including a cross-claim or\ncounterclaim) against any party alleging that the Package constitutes\ndirect or contributory patent infringement, then this Artistic License\nto you shall terminate on the date that such litigation is filed.\n\nDisclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER\nAND CONTRIBUTORS \"AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR\nPURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY\nYOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR\nCONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR\nCONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE,\nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-know%2FCrypt-LE","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdo-know%2FCrypt-LE","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-know%2FCrypt-LE/lists"}