simp_le
Simple Letโs Encrypt client.
simp_le --email [email protected] -f account_key.json \
-f fullchain.pem -f key.pem \
-d example.com -d www.example.com --default_root /var/www/html \
-d example.net:/var/www/other_html
For more info see simp_le --help
.
Manifest
- UNIX philosophy: Do one thing and do it well!
simp_le --valid_min ${seconds?} -f cert.pem
implies thatcert.pem
is valid for at at leastvalid_min
. Register new ACME CA account if necessary. Issue new certificate if no previous key/certificate/chain found. Renew only if necessary.- (Sophisticated) โmanagerโ for
${webroot?}/.well-known/acme-challenge
only. No challenges other thanhttp-01
. Existing web-server must be running already. - No magical webserver auto-configuration.
- Owner of
${webroot?}/.well-known/acme-challenge
must be able to run the script, without privilege escalation (sudo
,root
, etc.). crontab
friendly: fully automatable - no prompts, etc.- No configuration files. CLI flags as the sole interface! Users should write their own wrapper scripts or use shell aliases if necessary.
- Support multiple domains with multiple roots. Always create single
SAN certificate per
simp_le
run. - Flexible storage capabilities. Built-in
simp_le -f fullchain.pem -f key.pem
,simp_le -f chain.pem -f cert.pem -f key.pem
, etc. Extensions throughsimp_le -f external.sh
. - Do not allow specifying output file paths. Users should symlink if necessary!
- No need to allow specifying an arbitrary command when renewal has
happened, just check the exit code:
0
if certificate data was created or updated;1
if renewal not necessary;2
in case of errors.
--server
(support multiple CAs).- Support for revocation.
Installation
sudo ./bootstrap.sh
./venv.sh
export PATH=$PWD/venv/bin:$PATH
Help
Have a look into ./examples/
and
https://github.com/kuba/simp_le/wiki/Examples.
If youโre having problems you can chat with us on IRC (#simp_le at Freenode)