Skip to content

denkhaus/lecert

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

api

api

 
 

client

client

 
 

config

config

 
 

.gitignore

.gitignore

 
 

.goxc.json

.goxc.json

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

main.go

main.go

 
 

Repository files navigation

lecert

This tool uses the LE CA and the ACME protocol to generate a certificate, CSR, and sign it. If you already have a CSR that can be used as well.

Install

Installation can be done with go get

go get -u github.com/denkhaus/lecert

Usage

Note that should you need to include the full certificate chain, the --chain option will include ALL LetsEncrypt certificates in the output.

Generating a new certificate

You will need to temporarily make port 80 available and have sudo/root access to the server your domain(s) point to.

lecert generate --chain example.com
# example.com.crt.pem and example.com.key.pem should be in the current directory

You can now move and/or reference example.com.crt.pem and example.com.key.pem from your TLS services.

Using an existing CSR

When using an existing CSR, the tool will automatically use the CommonName, so the domain name doesn't need to be specified.

lecert sign ./example.csr
# example.com.crt.pem should be in the current directory

Advanced

The full set of options can be printed by running lecert help

Simple utility for generating signed TLS certificates.

Usage:
  lecert [command]

Available Commands:
  generate    Generate and sign new certificate(s).
  sign        Fulfill existing CSR(s).
  verify      Verify existing certificate(s).
  renew       Renew existing certificate(s).
  ensure      Create non existing certificate(s) or renew if necessary.

Flags:
  -k, --account-key string   ACME account key (PEM format). The account key to use with this CA. If it doesn't exist, one will be generated. (default "acme.key")
  -u, --acme-url string      ACME URL. URL to the ACME directory to use. (default "https://acme-v01.api.letsencrypt.org/directory")
  -b, --bind string          Bind address. The binding address:port for the server. Note, port 80 on the domain(s) must be mapped to this address. (default ":80")
      --bits int             Bits for RSA key generation. (default 4096)
      --chain                Include full chain. If set, download and include all LE certificates in the chain.
  -h, --help                 help for lecert
  -d, --output-dir string    Output directory. Certificates and keys will be stored here. (default ".")
  -r, --root-path string     Path used by webroot mode.
      --standalone           Standalone mode provides a buildin webserver for challenge handling listening on specified bindaddress. (default true)
  -v, --verbose              Verbose mode. Logs extra messages for debugging.
      --webroot              Webroot mode uses the provided root-path for challenge handling.

Use "lecert [command] --help" for more information about a command.

About

Dead simple #LetsEncrypt client for generating signed DV X.509 certs

Resources

Readme

License

View license
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 1

0.0.2 Latest
Jan 18, 2016

Packages

No packages published

Languages

  • Go 100.0%