https://github.com/aeris/acme-pki

Tiny ACME PKI
https://github.com/aeris/acme-pki

Last synced: 3 months ago
JSON representation

Tiny ACME PKI

• Host: GitHub
• URL: https://github.com/aeris/acme-pki
• Owner: aeris
• License: agpl-3.0
• Created: 2016-04-24T09:29:29.000Z (over 8 years ago)
• Default Branch: master
• Last Pushed: 2020-06-20T15:36:02.000Z (over 4 years ago)
• Last Synced: 2024-04-29T12:43:14.662Z (6 months ago)
• Language: Ruby
• Size: 35.2 KB
• Stars: 16
• Watchers: 2
• Forks: 6
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Acme/PKI

Tiny PKI based on [Acme/client](https://github.com/unixcharles/acme-client).

Licensed under [AGPLv3+](https://www.gnu.org/licenses/agpl-3.0.en.html).

## Usage

### Registration

	Usage: letsencrypt register 

### Generate secret key

	Usage: letsencrypt key  [options]

		-r, --rsa [KEYSIZE]              RSA key, key size

		-e, --ecc [CURVE]                ECC key, curve

Generate a key (default is an EC secp384r1 key) in `example.bar.foo.pem`

	letsencrypt key foo.bar.example

Default key is an EC secp384r1.

### Generate certificate request

	Usage: letsencrypt csr  [options]

		-k, --key [KEYFILE]              Key file

		-d, --domains [DOMAINS]          Domains

Generate a certificate request in `example.bar.foo.csr`

	letsencrypt csr foo.bar.example

If you have multiple domains

	letsencrypt csr foo.example -d bar.example -d baz.example

### Request certificate

	Usage: letsencrypt crt  [options]

		-c, --csr [CSR]                  CSR file

Request the corresponding certificate in `example.bar.foo.crt`

	letsencrypt crt foo.bar.example

You can call directly the certificate issuance, CSR and key will be created when needed.

### Renew certificate

	Usage: letsencrypt renew  [options]

		-c, --csr [CSR]                  CSR file

Renew the `example.bar.foo.crt` if needed (default is 30d before expiration).

	letsencrypt renew foo.bar.example

If certificate was renewed, return code is 0 else 1, for post-action on crontab for example

	#!/bin/bash

	cd /etc/ssl/private

	

	if letsencrypt renew foo.bar.example; then

		service apache2 reload

	fi

### Get information from key or certificate

	letsencrypt info  [options]

		-k, --key                        Key information

		-c, --crt                        Certificate information

Display various information (fingerprints, HPKP, TLSA…) for key or certificate.

	letsencrypt info foo.bar.example

	letsencrypt info -c foo.bar.example

## Environment variables

You can define which ACME endpoint is used with `ACME_ENDPOINT` environment variable.

Default is Let’s encrypt production endpoint (`https://acme-v01.api.letsencrypt.org/`).

You can use Let’s encrypt staging endpoint (`https://acme-staging.api.letsencrypt.org/`) for testing.

Default account key is `account.key` in the current directory. You can specify another key file with `ACME_ACCOUNT_KEY` environment variable.

Default ACME challenge directory is `acme-challenge` in the current directory.

You can change it with `ACME_CHALLENGE` environment variable.