Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kuba/simp_le

Simple Let's Encrypt Client
https://github.com/kuba/simp_le

Last synced: 5 days ago
JSON representation

Simple Let's Encrypt Client

Host: GitHub
URL: https://github.com/kuba/simp_le
Owner: kuba
License: gpl-3.0
Created: 2015-11-15T21:43:49.000Z (almost 9 years ago)
Default Branch: master
Last Pushed: 2018-09-15T19:09:49.000Z (about 6 years ago)
Last Synced: 2024-08-02T12:48:06.515Z (3 months ago)
Language: Python
Homepage:
Size: 353 KB
Stars: 886
Watchers: 22
Forks: 59
Open Issues: 32
Metadata Files:
- Readme: README.rst
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt

Awesome Lists containing this project

awesome-starred - kuba/simp_le - Simple Let's Encrypt Client (others)

README

simp\_le
========

|Build Status|

Simple `Let’s Encrypt`_ client.

.. code:: shell

simp_le --email [email protected] -f account_key.json \
-f fullchain.pem -f key.pem \
-d example.com -d www.example.com --default_root /var/www/html \
-d example.net:/var/www/other_html

For more info see ``simp_le --help``.

Manifest
--------

1. `UNIX philosophy`_: Do one thing and do it well!

2. ``simp_le --valid_min ${seconds?} -f cert.pem`` implies that
``cert.pem`` is valid for at at least ``valid_min``. Register new
ACME CA account if necessary. Issue new certificate if no previous
key/certificate/chain found. Renew only if necessary.

3. (Sophisticated) “manager” for
``${webroot?}/.well-known/acme-challenge`` only. No challenges other
than ``http-01``. Existing web-server must be running already.

4. No magical webserver auto-configuration.

5. Owner of ``${webroot?}/.well-known/acme-challenge`` must be able to
run the script, without privilege escalation (``sudo``, ``root``,
etc.).

6. ``crontab`` friendly: fully automatable - no prompts, etc.

7. No configuration files. CLI flags as the sole interface! Users
should write their own wrapper scripts or use shell aliases if
necessary.

8. Support multiple domains with multiple roots. Always create single
SAN certificate per ``simp_le`` run.

9. Flexible storage capabilities. Built-in
``simp_le -f fullchain.pem -f key.pem``,
``simp_le -f chain.pem -f cert.pem -f key.pem``, etc. Extensions
through ``simp_le -f external.sh``.

10. Do not allow specifying output file paths. Users should symlink if
necessary!

11. No need to allow specifying an arbitrary command when renewal has
happened, just check the exit code:

- ``0`` if certificate data was created or updated;
- ``1`` if renewal not necessary;
- ``2`` in case of errors.

12. ``--server`` (support multiple CAs).

13. Support for revocation.

Installation
------------

.. code:: shell

sudo ./bootstrap.sh
./venv.sh
export PATH=$PWD/venv/bin:$PATH

Help
----

Have a look into ``./examples/`` and
https://github.com/kuba/simp\_le/wiki/Examples.

If you’re having problems you can chat with us on `IRC (#simp\_le at
Freenode)`_

.. _Let’s Encrypt: https://letsencrypt.org
.. _UNIX philosophy: https://en.wikipedia.org/wiki/Unix_philosophy
.. _IRC (#simp\_le at Freenode): http://webchat.freenode.net?randomnick=1&channels=%23simp_le&prompt=1

.. |Build Status| image:: https://travis-ci.org/kuba/simp_le.svg?branch=master
:target: https://travis-ci.org/kuba/simp_le