
r5d / acmens


An ACMEv2 client. Fork of acme-nosudo

License: GNU Affero General Public License v3.0

Python 96.26% Makefile 3.74%
letsencrypt acme-client acme-v2 acme certificate dns ssl

acmens's Introduction

acmens

A fork of acme-nosudo. It uses the ACMEv2 protocol and requires Python 3.

acmens may be used for getting a new SSL certificate, renewing an SSL certificate for a domain, and revoking a certificate for a domain.

It's meant to be run locally from your computer.

prerequisites

  • openssl or libressl
  • python3
  • pip
  • virtualenv (if you want to use the repo version)

installation

pip install acmens

Or, if you would like to use the repo version:

cd /path/to/acmens

# init virtual environment
make venv

# activate virtual environment
. .venv/bin/activate

# put acmens in your PATH
make develop
# note that any changes you make to acmens.py will be instantly reflected
# in the acmens in your PATH.

getting/renewing a certificate

First, generate a user account key for Let's Encrypt:

openssl genrsa -aes256 4096 > user.key
openssl rsa -in user.key -pubout > user.pub

Next, generate the domain key and a certificate request:

# Generate domain key
openssl genrsa -aes256 -out domain.key 4096

# Generate CSR for a single domain
openssl req -new -sha256 -key domain.key -out domain.csr

# Or Generate CSR for multiple domains
openssl req -new -sha256 -key domain.key -subj "/" -addext "subjectAltName = DNS:example.com, DNS:www.example.com" > domain.csr

Lastly, run acmens:

acmens --account-key user.key --email [email protected] --csr domain.csr > signed.crt

dns challenge

If you want to use the DNS challenge type, provide it using the --challenge flag.

acmens --account-key user.key --email [email protected] --challenge dns --csr domain.csr > signed.crt

This will prompt you to update the DNS records to add a TXT record.
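The TXT record requested for a DNS challenge can be checked independently of the client. The sketch below is an added example, not code from acmens: it derives the record name and value as defined for dns-01 in RFC 8555 (section 8.4) from the account public key and the challenge token. The modulus and token are constructed sample values, and the function names are illustrative.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME (RFC 8555)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def int_to_bytes(value: int) -> bytes:
    """Big-endian, minimal-length encoding of a positive integer."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def jwk_thumbprint(n: int, e: int) -> str:
    """RFC 7638 thumbprint of an RSA public key (modulus n, exponent e)."""
    # Required members only, keys in lexicographic order, no whitespace.
    jwk = {"e": b64url(int_to_bytes(e)), "kty": "RSA", "n": b64url(int_to_bytes(n))}
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain: str, token: str, n: int, e: int) -> tuple[str, str]:
    """Return (record name, TXT value) for a dns-01 challenge."""
    # Key authorization binds the server's token to the account key.
    key_authorization = f"{token}.{jwk_thumbprint(n, e)}"
    txt_value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    # RFC 8555: a wildcard identifier is validated at the base domain.
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}", txt_value


# Constructed sample input: a toy 2048-bit modulus (not a real key)
# and a made-up challenge token.
SAMPLE_N = int("c3" * 256, 16)
SAMPLE_E = 65537
SAMPLE_TOKEN = "constructed-token-0123456789abcdefABCDEF_-"

if __name__ == "__main__":
    name, value = dns01_record("example.com", SAMPLE_TOKEN, SAMPLE_N, SAMPLE_E)
    print(f'{name}. 300 IN TXT "{value}"')
```

For a real account key, the modulus can be read with `openssl rsa -pubin -in user.pub -noout -modulus`; the token comes from the CA's challenge object.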

revoking a certificate

This:

acmens --revoke -k user.key --crt signed.crt

will revoke the SSL certificate in signed.crt.


acmens's Issues

Support for sub-domain or wildcard domain validation

I am wondering if there is support of using an openssl-san.cfg file with this tool? I attempted to create a domain.csr from a .cfg file with 5 or 6 sub-domains and received "Found Domain None" after reading the csr file. Is there a way to pass multiple domains through this tool? Is there a setting that's missing from this file that would fix the issue?

Here is a sample of what the .cfg file had in it:

[req]
default_bits = 2048
default_md   = sha256
distinguished_name = req_distinguished_name
req_extensions     = req_ext
 
[ req_distinguished_name ]
countryName          = Country Name (2 letter code)
stateOrProvinceName  = State or Province Name (full name)
localityName         = Locality Name (eg, city)
organizationName     = Organization Name (eg, company)
commonName           = Common Name (e.g. server FQDN or YOUR name)
 
[ req_ext ]
 
subjectAltName = @alt_names
 
[alt_names]
DNS.1        = test.example.com
DNS.2        = www.example.com
DNS.3        = mail.example.com
DNS.4        = ftp.example.com

Invalid SSL Key (on cPanel)

For some reason I had to run openssl rsa -in domain.key -check and manually copy the RSA Key from the console and paste it on the "Private Key" section of cPanel.

Is there a flag or configuration one can do to generate the key the same way as openssl ... -check returns it?
