https://github.com/anxiousmodernman/certnab
ACME client
https://github.com/anxiousmodernman/certnab
acme-client
Last synced: 8 months ago
JSON representation
ACME client
- Host: GitHub
- URL: https://github.com/anxiousmodernman/certnab
- Owner: anxiousmodernman
- License: mit
- Created: 2017-12-05T06:03:40.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2017-12-10T05:53:00.000Z (almost 8 years ago)
- Last Synced: 2025-01-06T13:33:10.301Z (9 months ago)
- Topics: acme-client
- Language: Go
- Homepage:
- Size: 6.84 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# certnab
Simple Let's Encrypt client.
## Usage
This is a standalone binary that performs the ACME protocol's HTTP-based
challenge against an ACME server. By default, certnab uses the Let's Encrypt
**staging** endpoint. This allows you to test connectivity before hitting prod.
If you want to get "real" certs, you must pass the production URL (Dec 2017:
acme-v01.api.letsencrypt.org) with the `--acme-server` flag.
For example
```
certnab renew --acme-server=acme-v01.api.letsencrypt.org --domain=example.com --dest=$(pwd)
```
If all goes well, you can inspect the resulting cert like this
```
cat cert.pem | openssl x509 -text
```
Important notes:
* certnab spins up a temporary server that binds to port 80, and so it will
probably need to run as root
* No other server can be bound to port 80 while certnab runs (it should only
take a few seconds to run)
* Completing this challenge requires DNS to point at the IP where certnab runs
* Let's Encrypt has very strict rate limits, and they'll lock you out for days
if you exceed your limit. Test against their staging server first!
* This ACME challenge scheme will likely involve a little bit of downtime, but
is also simple and effective.