Project

acme-pki

0.01
No commit activity in last 3 years
No release in over 3 years
Manage your keys, requests and certificates.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

 Project Readme

Acme/PKI

Tiny PKI based on Acme/client.

Licensed under AGPLv3+.

Usage

Registration

Usage: letsencrypt register <email>

Generate secret key

Usage: letsencrypt key <domain> [options]
	-r, --rsa [KEYSIZE]              RSA key, key size
	-e, --ecc [CURVE]                ECC key, curve

Generate a key (default is an EC secp384r1 key) in example.bar.foo.pem

letsencrypt key foo.bar.example

Default key is an EC secp384r1.

Generate certificate request

Usage: letsencrypt csr <domain> [options]
	-k, --key [KEYFILE]              Key file
	-d, --domains [DOMAINS]          Domains

Generate a certificate request in example.bar.foo.csr

letsencrypt csr foo.bar.example

If you have multiple domains

letsencrypt csr foo.example -d bar.example -d baz.example

Request certificate

Usage: letsencrypt crt <domain> [options]
	-c, --csr [CSR]                  CSR file

Request the corresponding certificate in example.bar.foo.crt

letsencrypt crt foo.bar.example

You can call directly the certificate issuance, CSR and key will be created when needed.

Renew certificate

Usage: letsencrypt renew <domain> [options]
	-c, --csr [CSR]                  CSR file

Renew the example.bar.foo.crt if needed (default is 30d before expiration).

letsencrypt renew foo.bar.example

If certificate was renewed, return code is 0 else 1, for post-action on crontab for example

#!/bin/bash
cd /etc/ssl/private

if letsencrypt renew foo.bar.example; then
	service apache2 reload
fi

Get information from key or certificate

letsencrypt info <domain> [options]
	-k, --key                        Key information
	-c, --crt                        Certificate information

Display various information (fingerprints, HPKP, TLSA…) for key or certificate.

letsencrypt info foo.bar.example
letsencrypt info -c foo.bar.example

Environment variables

You can define which ACME endpoint is used with ACME_ENDPOINT environment variable. Default is Let’s encrypt production endpoint (https://acme-v01.api.letsencrypt.org/). You can use Let’s encrypt staging endpoint (https://acme-staging.api.letsencrypt.org/) for testing.

Default account key is account.key in the current directory. You can specify another key file with ACME_ACCOUNT_KEY environment variable.

Default ACME challenge directory is acme-challenge in the current directory. You can change it with ACME_CHALLENGE environment variable.