bacme
=====

Documentation
-------------

This is a "keep it simple" shell script for requesting a certificate from the
Let's Encrypt CA using the ACME protocol.

Simplifications include, for example:

- supports ACMEv2 (RFC 8555) only, not the deprecated ACMEv1
- supports http validation only
- keys are not reused but regenerated every time
  - both the account and the domain key
  - in part this is also because of privacy considerations

By design, the script does not do anything on your server by itself by default.
You do not need to run it directly on your server (as root or otherwise).
You keep control over the validation and installation process.
A typical automated renewal process would be to let the script generate new
private keys, automate the http validation using an SSH-key-authenticated
rsync via the --webroot option, and install the generated keys and
certificates with, for example, an Ansible playbook.

The script is intended to be easy to understand while still allowing the
fully automatic generation of a certificate.
It is also a small working example for learning the ACME protocol.


Let's Encrypt Subscriber Agreement
----------------------------------

By using this script you accept the Let's Encrypt Subscriber Agreement.
The latest version can be found at https://letsencrypt.org/repository/.


Usage
-----

```
Usage: bacme [options...] <domain> [ <domain> ... ]
Options:
  -e, --email EMAIL         Your email if you want that Let's Encrypt can contact you
  -h, --help                This help
  -t, --test                Use staging API of Let's Encrypt for testing the script
  -v, --verbose             Verbose mode, print additional debug output
  -w, --webroot DIRECTORY   Path to the DocumentRoot of your webserver. Can be a rsync
                            compatible remote location like www@myserver:/srv/www/htdocs/.

The first domain parameter should be your main domain name with the subdomains following after it.

Example: ./bacme -e me@example.com -w www@server:/var/www/example/ example.com www.example.com
```

See EXAMPLES.md for sample executions and their output.


Useful links
------------

- ACME protocol: https://tools.ietf.org/html/rfc8555
- Other ACME clients: https://letsencrypt.org/docs/client-options/
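
The http validation that the `--webroot` option automates comes down to one file under the DocumentRoot, defined in RFC 8555 sections 8.1 and 8.3. The shell functions below are an added example, not code from bacme: the function names and the local staging directory are assumptions, and `jwk_thumbprint` needs `openssl`.

```shell
#!/bin/sh
# Added example, not part of bacme. Function names and the staging directory
# layout are assumptions made for illustration. jwk_thumbprint needs openssl.

# base64url without padding (RFC 7515 appendix C), binary data on stdin.
b64url() {
    openssl base64 -A | tr '/+' '_-' | tr -d '='
}

# RFC 7638 thumbprint of an RSA account key: SHA-256 over the JWK reduced to
# the members e, kty, n, in that order, without whitespace.
# $1 = exponent, $2 = modulus, both already base64url encoded
jwk_thumbprint() {
    printf '{"e":"%s","kty":"RSA","n":"%s"}' "$1" "$2" |
        openssl dgst -sha256 -binary | b64url
}

# RFC 8555 section 8.3: a token contains base64url characters only. The token
# comes from the server's response and becomes a file name, so anything else
# (such as "/" or "..") is refused before it reaches the file system.
valid_token() {
    case "$1" in
        '' | *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Write the http-01 response below a local staging directory that mirrors the
# DocumentRoot. $1 = staging dir, $2 = token, $3 = account key thumbprint.
# Prints the path of the file; its content is the key authorization
# "<token>.<thumbprint>" from RFC 8555 section 8.1.
stage_challenge() {
    valid_token "$2" || { echo "refusing token: $2" >&2; return 1; }
    challenge_dir="$1/.well-known/acme-challenge"
    mkdir -p "$challenge_dir" || return 1
    printf '%s.%s' "$2" "$3" > "$challenge_dir/$2" || return 1
    printf '%s\n' "$challenge_dir/$2"
}
```

Once the staging directory is synced to the webroot, the CA fetches the file from `http://<domain>/.well-known/acme-challenge/<token>` and compares its content with the key authorization it expects.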