{"id":13531340,"url":"https://github.com/hlandau/acmetool","last_synced_at":"2026-01-12T03:09:58.859Z","repository":{"id":42627180,"uuid":"46200120","full_name":"hlandau/acmetool","owner":"hlandau","description":":lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)","archived":false,"fork":false,"pushed_at":"2023-05-27T19:22:43.000Z","size":1136,"stargazers_count":2089,"open_issues_count":72,"forks_count":128,"subscribers_count":58,"default_branch":"master","last_synced_at":"2025-10-27T18:08:20.830Z","etag":null,"topics":["acme","acme-server","acmetool","certificate","letsencrypt","ssl","tls","x509"],"latest_commit_sha":null,"homepage":"https://hlandau.github.io/acmetool/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hlandau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-11-15T01:56:02.000Z","updated_at":"2025-10-17T17:20:09.000Z","dependencies_parsed_at":"2023-02-08T05:45:42.882Z","dependency_job_id":"e94fbe5e-9e95-4e78-bc04-83b0c19ae02c","html_url":"https://github.com/hlandau/acmetool","commit_stats":{"total_commits":383,"total_committers":25,"mean_commits":15.32,"dds":0.07571801566579639,"last_synced_commit":"d3428cff2614cbd31d91484e7c7bd188db53bcf1"},"previous_names":["hlandau/acme"],"tags_count":58,"template":false,"template_full_name":null,"purl":"pkg:github/hlandau/acmetool","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hlandau%2Facmetool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hlandau%2Facmetool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hlandau%2Facmetool/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hlandau%2Facmetool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hlandau","download_url":"https://codeload.github.com/hlandau/acmetool/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hlandau%2Facmetool/sbom","scorecard":{"id":466356,"data":{"date":"2025-08-11","repo":{"name":"github.com/hlandau/acmetool","commit":"d3428cff2614cbd31d91484e7c7bd188db53bcf1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 1/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":6,"reason":"dependency not pinned by hash detected -- score normalized to 6","details":["Warn: downloadThenRun not pinned by hash: .travis/before_install:11","Info:   2 out of   2 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.0.67 not signed: https://api.github.com/repos/hlandau/acmetool/releases/9646846","Warn: release artifact v0.0.66 not signed: https://api.github.com/repos/hlandau/acmetool/releases/9646329","Warn: release artifact v0.0.65 not signed: https://api.github.com/repos/hlandau/acmetool/releases/9645912","Warn: release artifact v0.0.63 not signed: https://api.github.com/repos/hlandau/acmetool/releases/9314617","Warn: release artifact v0.0.62 not signed: https://api.github.com/repos/hlandau/acmetool/releases/8837395","Warn: release artifact v0.0.67 does not have provenance: https://api.github.com/repos/hlandau/acmetool/releases/9646846","Warn: release artifact v0.0.66 does not have provenance: https://api.github.com/repos/hlandau/acmetool/releases/9646329","Warn: release artifact v0.0.65 does not have provenance: https://api.github.com/repos/hlandau/acmetool/releases/9645912","Warn: release artifact v0.0.63 does not have provenance: https://api.github.com/repos/hlandau/acmetool/releases/9314617","Warn: release artifact v0.0.62 does not have provenance: https://api.github.com/repos/hlandau/acmetool/releases/8837395"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/hlandau/ossl-github-repo/SECURITY.md:1","Info: Found linked content: github.com/hlandau/ossl-github-repo/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/hlandau/ossl-github-repo/SECURITY.md:1","Info: Found text in security policy: github.com/hlandau/ossl-github-repo/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T12:36:43.944Z","repository_id":42627180,"created_at":"2025-08-19T12:36:43.944Z","updated_at":"2025-08-19T12:36:43.944Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28333011,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"online","status_checked_at":"2026-01-12T02:00:08.677Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","acme-server","acmetool","certificate","letsencrypt","ssl","tls","x509"],"created_at":"2024-08-01T07:01:02.192Z","updated_at":"2026-01-12T03:09:58.842Z","avatar_url":"https://github.com/hlandau.png","language":"Go","funding_links":[],"categories":["Utilities","Go","Relational Databases","\u003ca name=\"security\"\u003e\u003c/a\u003eSecurity and encryption","Security"],"sub_categories":["Network Utilities","HTTP Clients"],"readme":"# \u003cdiv align=\"center\"\u003e\u003cimg src=\"https://hlandau.github.io/acmetool/img/acmetool-logo-black.png\" alt=\"acmetool\" /\u003e\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\u003ca\nhref=\"https://webchat.freenode.net/?channels=%23acmetool\"\u003e\u003cimg\nsrc=\"https://img.shields.io/badge/webchat-freenode%20%23acmetool-blue.svg\"\nalt=\"[webchat: freenode #acmetool]\" /\u003e\u003c/a\u003e \u003cbr/\u003e \u003ca\nhref=\"https://github.com/hlandau/acmetool/releases\"\u003e\u003cimg\nsrc=\"https://img.shields.io/github/downloads/hlandau/acmetool/total.svg\"\nalt=\"[download count]\" /\u003e\u003c/a\u003e \u003ca\nhref=\"https://github.com/hlandau/acmetool/releases\"\u003e\u003cimg\nsrc=\"https://img.shields.io/github/release/hlandau/acmetool.svg\" alt=\"[version]\"\n/\u003e\u003c/a\u003e\u003cbr/\u003e \u003ca\nhref=\"https://launchpad.net/~hlandau/+archive/ubuntu/rhea/+packages\"\u003e\u003cimg\nsrc=\"https://img.shields.io/badge/ppa-debian%2Fubuntu-lightgrey.svg\" alt=\"[ppa\ndebian/ubuntu]\"/\u003e\u003c/a\u003e \n\u003ca href=\"https://drone.io/hlandau/acmetool\"\u003e\u003cimg\nsrc=\"https://img.shields.io/drone/build/hlandau/acmetool\" alt=\"Build Status\"\n/\u003e\u003c/a\u003e\u003c/p\u003e\n\nacmetool is an easy-to-use command line tool for automatically acquiring\ncertificates from ACME servers (such as Let's Encrypt). Designed to flexibly\nintegrate into your webserver setup to enable automatic verification. Unlike\nthe official Let's Encrypt client, this doesn't modify your web server\nconfiguration.\n\n\u003cp\u003e:white_check_mark: Zero-downtime autorenewal\u003cbr/\u003e\n:white_check_mark: Supports any webserver\u003cbr/\u003e\n:white_check_mark: Fully automatable\u003cbr/\u003e\n:white_check_mark: Single-file dependency-free binary\u003cbr/\u003e\n:white_check_mark: Idempotent\u003cbr/\u003e\n:white_check_mark: Fast setup\u003c/p\u003e\n\nYou can perform verifications using port 80 or 443 (if you don't yet have a\nserver running on one of them); via webroot; by configuring your webserver to\nproxy requests for `/.well-known/acme-challenge/` to a special port (402) which\nacmetool can listen on; or by configuring your webserver not to listen on port\n80, and instead running acmetool's built in HTTPS redirector (and challenge\nresponder) on port 80. This is useful if all you want to do with port 80 is\nredirect people to port 443.\n\nYou can run acmetool on a cron job to renew certificates automatically (`acmetool --batch`).  The\npreferred certificate for a given hostname is always at\n`/var/lib/acme/live/HOSTNAME/{cert,chain,fullchain,privkey}`. You can configure\nacmetool to reload your webserver automatically when it renews a certificate.\n\nacmetool is intended to be \"magic-free\". All of acmetool's state is stored in a\nsimple, comprehensible directory of flat files. [The schema for this directory\nis documented.](https://github.com/hlandau/acmetool/blob/master/_doc/SCHEMA.md)\n\nacmetool is intended to work like \"make\". The state directory expresses target\ndomain names, and whenever acmetool is invoked, it ensures that valid\ncertificates are available to meet those names. Certificates which will expire\nsoon are renewed. acmetool is thus idempotent and minimises the use of state.\n\nacmetool can optionally be used [without running it as\nroot.](https://hlandau.github.io/acmetool/userguide#annex-root-configured-non-root-operation) If you have\nexisting certificates issued using the official client, acmetool can import\nthose certificates, keys and account keys (`acmetool import-le`).\n\nacmetool supports both RSA and ECDSA keys and certificates. acmetool's\nnotification hooks system allows you to write arbitrary shell scripts to be\nexecuted when new certificates are obtained. By default, this is used to reload\nwebservers automatically, but it can also be used to distribute certificates to\nother servers or for other purposes.\n\n## Getting Started\n\n**Binary releases:** [Binary releases are available.](https://github.com/hlandau/acmetool/releases)\n\nDownload the release appropriate for your platform and simply copy the\n`acmetool` binary to `/usr/bin`.\n\n`_cgo` releases are preferred over non-`_cgo` releases where available, but\nnon-`_cgo` releases may be more compatible with older OSes.\n\n**Ubuntu users:** A binary release PPA, `ppa:hlandau/rhea` (package `acmetool`) is available.\n```bash\n$ sudo add-apt-repository ppa:hlandau/rhea\n$ sudo apt-get update\n$ sudo apt-get install acmetool\n```\n\nYou can also [download .deb files manually.](https://launchpad.net/~hlandau/+archive/ubuntu/rhea/+packages)\n\n(Note: There is no difference between the .deb files for different Ubuntu release codenames; they are interchangeable and completely equivalent.)\n\n**Debian users:** The Ubuntu binary release PPA also works with Debian:\n```\n# echo 'deb http://ppa.launchpad.net/hlandau/rhea/ubuntu xenial main' \u003e /etc/apt/sources.list.d/rhea.list\n# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9862409EF124EC763B84972FF5AC9651EDB58DFA\n# apt-get update\n# apt-get install acmetool\n```\n\nYou can also [download .deb files manually.](https://launchpad.net/~hlandau/+archive/ubuntu/rhea/+packages)\n\n(Note: There is no difference between the .deb files for different Ubuntu release codenames; they are interchangeable and completely equivalent.)\n\n**RPM-based distros:** [A copr RPM repository is available.](https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/)\n\nIf you have `dnf` installed:\n```bash\n$ sudo dnf copr enable hlandau/acmetool\n$ sudo dnf install acmetool\n```\n\nOtherwise use the `.repo` files on the [repository\npage](https://copr.fedorainfracloud.org/coprs/hlandau/acmetool/) and use `yum`,\nor download RPMs and use `rpm` directly.\n\n**Void Linux users:** `acmetool` is in the repositories:\n\n```bash\n$ sudo xbps-install acmetool\n```\n\n**Arch Linux users:** [An AUR PKGBUILD for building from source is available.](https://aur.archlinux.org/packages/acmetool-git/)\n\n```bash\n$ wget https://aur.archlinux.org/cgit/aur.git/snapshot/acmetool-git.tar.gz\n$ tar xvf acmetool-git.tar.gz\n$ cd acmetool-git\n$ makepkg -s\n$ sudo pacman -U ./acmetool*.pkg.tar.xz\n```\n\n**Alpine Linux users:** [An APKBUILD for building from source is available.](_doc/APKBUILD)\n\n**FreeBSD users:** [FreeBSD port is available.](http://www.freshports.org/security/acmetool/)\n\n**Building from source:** You will need Go installed to build from source.\n\nIf you are on Linux, you will need to make sure the development files for\n`libcap` are installed. This is probably a package for your distro called\n`libcap-dev` or `libcap-devel` or similar.\n\n```bash\n# This is necessary to work around a change in Git's default configuration\n# which hasn't yet been accounted for in some places.\n$ git config --global http.followRedirects true\n\n$ git clone https://github.com/hlandau/acme\n$ cd acme\n$ make \u0026\u0026 sudo make install\n\n  # (People familiar with Go with a GOPATH setup can alternatively use go get/go install:)\n  $ git config --global http.followRedirects true\n  $ go get github.com/hlandau/acmetool\n```\n\n### After installation\n\n```bash\n# Run the quickstart wizard. Sets up account, cronjob, etc.\n# (If you want to use ECDSA keys or set RSA key size, pass \"--expert\".)\n$ sudo acmetool quickstart\n\n# Configure your webserver to serve challenges if necessary.\n# See https://hlandau.github.io/acmetool/userguide#web-server-configuration\n$ ...\n\n# Request the hostnames you want:\n$ sudo acmetool want example.com www.example.com\n\n# Now you have certificates:\n$ ls -l /var/lib/acme/live/example.com/\n```\n\nThe `quickstart` subcommand is a recommended wizard which guides you through\nthe setup of ACME on your system.\n\nThe `want` subcommand states that you want a certificate for the given hostnames.\n(If you want separate certificates for each of the hostnames, run the want\nsubcommand separately for each hostname.)\n\nThe default subcommand, `reconcile`, is like \"make\" and makes sure all desired\nhostnames are satisfied by valid certificates which aren't soon to expire.\n`want` calls `reconcile` automatically.\n\nIf you run `acmetool reconcile` on a cronjob to facilitate automatic renewal,\npass `--batch` to ensure it doesn't attempt to interact with a terminal.\n\nYou can increase logging severity for debugging purposes by passing\n`--xlog.severity=debug`.\n\n## Validation Options\n\n\u003cimg src=\"https://i.imgur.com/h1rtdek.png\" align=\"right\" alt=\"[screenshot]\" /\u003e\n\n**Webroot:** acmetool can place challenge files in a given directory, allowing your normal\nweb server to serve them. The files must be served from the path you specify at\n`/.well-known/acme-challenge/`.\n\n[Information on configuring your web server.](https://hlandau.github.io/acmetool/userguide#web-server-configuration-challenges)\n\n**Proxy:** acmetool can respond to validation challenges by serving them on port 402. In\norder for this to be useful, you must configure your webserver to proxy\nrequests under `/.well-known/acme-challenge/` to\n`http://127.0.0.1:402/.well-known/acme-challenge`.\n\n[Information on configuring your web server.](https://hlandau.github.io/acmetool/userguide#web-server-configuration-challenges)\n\n**Stateless:** You configure your webserver to respond statelessly to\nchallenges for a given account key without consulting acmetool. This requires\nnothing more than a one-time web server configuration change and no \"moving\nparts\". [Information on\nconfiguring stateless\nchallenges.](https://hlandau.github.io/acmetool/userguide#web-server-configuration-challenges)\n\n**Redirector:** `acmetool redirector` starts an HTTP server on port 80 which redirects all\nrequests to HTTPS, as well as serving any necessary validation responses. The\n`acmetool quickstart` wizard can set it up for you if you use systemd.\nOtherwise, you'll need to configure your system to run `acmetool redirector\n--service.uid=USERNAME --service.daemon=1` as a service, where `USERNAME` is\nthe username you want the daemon to drop to.\n\nMake sure your web server is not listening on port 80.\n\n**Listen:** If you are for some reason not running anything on port 80 or 443, acmetool\nwill use those ports. Either port being available is sufficient. This is only\nreally useful for development purposes.\n\n**Hook:** You can write custom shell scripts (or binary executables) which\nacmetool invokes to provision challenge files at the desired location. For\nexample, you could rsync challenge files to a directory on a remote server. [More information.](https://hlandau.github.io/acmetool/userguide#challenge-hooks)\n\n## Renewal\n\nacmetool will try to renew certificates automatically once they are 30 days\nfrom expiry, or 66% through their validity period, whichever is lower.\nNote that Let's Encrypt currently issues 90 day certificates.\n\nacmetool will exit with an error message with nonzero exit status if it cannot\nrenew a certificate, so it is suitable for use in a cronjob. Ensure your system\nis configured so that you get notifications of failing cronjobs.\n\nIf a cronjob fails, you should intervene manually to see what went wrong by\nrunning `acmetool` (possibly with `--xlog.severity=debug` for verbose logging).\n\n## Library\n\nThe [client library which these utilities use](https://github.com/hlandau/acmeapi) can be used independently by any Go code. [README and source code.](https://github.com/hlandau/acmeapi) [Godoc.](https://godocs.io/gopkg.in/hlandau/acmeapi.v2)\n\n## Comparison with...\n\n**certbot:** A heavyweight Python implementation which is a bit too “magic” for\nmy tastes. Tries to mutate your webserver configuration automatically.\n\nacmetool is a single-file binary which only depends on basic system libraries\n(on Linux, these are libc, libpthread, libcap, libattr). It doesn't do anything\nto your webserver; it just places certificates at a standard location and can\nalso reload your webserver (whichever webserver it is) by executing hook shell\nscripts.\n\nacmetool isn't based around individual transactions for obtaining certificates;\nit's about satisfying expressed requirements by any means necessary. Its\ncomprehensible, magic-free state directory makes it as stateless and idempotent\nas possible.\n\n**lego:** Like acmetool, [xenolf/lego](https://github.com/xenolf/lego) provides\na library and client utility. The utility provides commands for creating\ncertificates, but doesn't provide a compelling system for managing the lifetime\nof the short-lived certificates offered by Let's Encrypt. The user is expected\nto generate and install all certificates manually.\n\n**gethttpsforfree:**\n[diafygi/gethttpsforfree](https://github.com/diafygi/gethttpsforfree) provides\nan HTML file which uses JavaScript to make requests to an ACME server and\nobtain certificates. It's a functional user interface, but like lego it\nprovides no answer for the automation issue, and is thus impractical given the\nshort lifetime of certificates issued by Let's Encrypt.\n\n### Comparison, list of client implementations\n\n\u003ctable\u003e\n\u003ctr\u003e\u003ctd\u003e\u003c/td\u003e\u003cth\u003eacmetool\u003c/th\u003e\u003cth\u003e\u003ca href=\"https://github.com/certbot/certbot\"\u003ecertbot\u003c/a\u003e\u003c/th\u003e\u003cth\u003e\u003ca href=\"https://github.com/xenolf/lego\"\u003elego\u003c/a\u003e\u003c/th\u003e\u003cth\u003e\u003ca href=\"https://github.com/diafygi/gethttpsforfree\"\u003egethttpsforfree\u003c/a\u003e\u003c/th\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAutomatic renewal\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNot yet\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSAN support\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eECC support\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eOCSP Must Staple support\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://hlandau.github.io/acmetool/userguide#the-state-storage-schema\"\u003eYes\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eRevocation support\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eState management\u003c/td\u003e\u003ctd\u003eYes†\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSingle-file binary\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eQuickstart wizard\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eModifies webserver config\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eBy default\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eNon-root support\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://hlandau.github.io/acmetool/userguide#annex-root-configured-non-root-operation\"\u003eOptional\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eOptional\u003c/td\u003e\u003ctd\u003eOptional\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSupports Apache\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSupports nginx\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eExperimental\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSupports HAProxy\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSupports Hitch\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSupports any web server\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eWebroot‡\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via webroot\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003eManual\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via port 80 redirector\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via proxy\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via listener§\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via DNS\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://hlandau.github.io/acmetool/userguide#dns-hook-scripts\"\u003eHook only\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuthorization via custom hook\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://hlandau.github.io/acmetool/userguide#challenge-hooks\"\u003eYes\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eImport state from official client\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eWindows (basic) support\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eYes\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eWindows integration support\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003eNo\u003c/td\u003e\u003ctd\u003e—\u003c/td\u003e\u003c/tr\u003e\n\u003c/table\u003e\n\n† acmetool has a different philosophy to state management and configuration to\nthe Let's Encrypt client; see the beginning of this README.\n\n‡ The webroot method does not appear to provide any means of reloading the\nwebserver once the certificate has been changed, which means auto-renewal\nrequires manual intervention.\n\n§ Requires downtime.\n\nThis table is maintained in good faith; I believe the above comparison to be\naccurate. If notified of any inaccuracies, I will rectify the table and publish\na notice of correction here:\n\n  - This table previously stated that the official Let's Encrypt client doesn't\n    support non-root operation. This was incorrect; it can be installed at user\n    level and be configured to use user-writable directories.\n\n## Documentation \u0026 Support\n\nFor more documentation see:\n- [User Guide](https://hlandau.github.io/acmetool/userguide)\n- [Troubleshooting](https://hlandau.github.io/acmetool/userguide#troubleshooting)\n- [FAQ](https://hlandau.github.io/acmetool/userguide#faq)\n- [manpage](https://hlandau.github.io/acmetool/acmetool.8)\n\nIf your question or issue isn't resolved by any of the above, file an issue.\n\nIRC: [#acmetool](irc://chat.freenode.net/#acmetool) on [Freenode](http://freenode.net/) ([webchat](https://webchat.freenode.net/?channels=%23acmetool)).\n\n\n## Licence\n\n    © 2015—2019 Hugo Landau \u003chlandau@devever.net\u003e    MIT License\n\n[Licenced under the licence with SHA256 hash\n`fd80a26fbb3f644af1fa994134446702932968519797227e07a1368dea80f0bc`, a copy of\nwhich can be found\nhere.](https://raw.githubusercontent.com/hlandau/rilts/master/licences/COPYING.MIT)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhlandau%2Facmetool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhlandau%2Facmetool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhlandau%2Facmetool/lists"}