|Build Status|
Simple Let’s Encrypt
_ client.
.. code:: shell
simp_le --email you@example.com -f account_key.json \
-f account_reg.json \
-f fullchain.pem -f key.pem \
-d example.com -d www.example.com --default_root /var/www/html \
-d example.net:/var/www/other_html
For more info see simp_le --help
.
NOTE: this repository is mostly unmaintained; I will review and merge PRs, but I(@zenhack) am no longer using this tool myself and am thus not motivated to otherwise actively develop it.
UNIX philosophy
_: Do one thing and do it well!
simp_le --valid_min ${seconds?} -f cert.pem
implies that
cert.pem
is valid for at at least valid_min
(defaults to 2592000
seconds / 30 days). Register new ACME CA account if necessary. Issue
new certificate if no previous key/certificate/chain found. Renew only
if necessary.
(Sophisticated) “manager” for
${webroot?}/.well-known/acme-challenge
only. No challenges other
than http-01
. Existing web-server must be running already.
No magical webserver auto-configuration.
Owner of ${webroot?}/.well-known/acme-challenge
must be able to
run the script, without privilege escalation (sudo
, root
,
etc.).
crontab
friendly: fully automatable - no prompts, etc.
No configuration files. CLI flags as the sole interface! Users should write their own wrapper scripts or use shell aliases if necessary.
Support multiple domains with multiple roots. Always create single
SAN certificate per simp_le
run.
Flexible storage capabilities. Built-in
simp_le -f fullchain.pem -f key.pem
,
simp_le -f chain.pem -f cert.pem -f key.pem
, etc.
Do not allow specifying output file paths. Users should symlink if necessary!
No need to allow specifying an arbitrary command when renewal has happened, just check the exit code:
0
if certificate data was created or updated;1
if renewal not necessary;2
in case of errors.--server
(support multiple ACME v2 CAs).
Support for revocation.
Implicit agreement to the selected ACME CA's terms of service.
.. code:: shell
sudo ./bootstrap.sh
./venv.sh
export PATH=$PWD/venv/bin:$PATH
If you want to use simple with Docker, have a look at simp\_le for Docker
.
Have a look at https://github.com/zenhack/simp\_le/wiki/Examples for some examples.
If you’re having problems feel free to open an issue to ask questions.
.. _Let’s Encrypt: https://letsencrypt.org .. _UNIX philosophy: https://en.wikipedia.org/wiki/Unix_philosophy .. _simp_le for Docker: docker
.. |Build Status| image:: https://travis-ci.org/zenhack/simp_le.svg?branch=master :target: https://travis-ci.org/zenhack/simp_le
Below is a summary of changes introduced in each release. Any user-visible changes must be recorded here. Note that the topmost entry sometimes represents the next (i.e. not yet released) version.
Releases occur approximately every two months, unless there is a pressing need to do otherwise (e.g. security & serious bug fixes), or no changes have been made since the last release.
0.20.0 ++++++
0.19.2 ++++++
0.19.1 ++++++
six
package.0.19.0 ++++++
--use_alt_chain
flag.0.18.1 ++++++
0.18.0 ++++++
0.17.0 ++++++
0.16.0 ++++++
0.15.0 ++++++
Please read these carefully, as this release includes a couple changes that may require changes when upgrading
--server
flag, you will need to update it to point to
a v2 endpoint (or simply remove it, to use Let's Encrypt's
default v2 endpoint).-f account_reg.json
option to simp_le-f external.sh
feature.0.14.0 ++++++
0.13.0 ++++++
0.12.0 ++++++
0.11.0 ++++++
0.10.0 ++++++
0.9.0 +++++
0.8.1 +++++
0.8.0 +++++
0.7.0 +++++
0.6.2 +++++
0.6.1 +++++
0.6.0 +++++
0.5.1 +++++
0.5.0 +++++
0.4.0 +++++
0.3.0 +++++
0.2.0 +++++
0.1.1 +++++
0.1.0 +++++