Simple Let's Encrypt client.
simp_le -f fullchain.pem -f key.pem \ -d example.com -d www.example.com --default_root /var/www/html \ -d other.com:/var/www/other_html
For more info see simp_le --help.
Manifest
UNIX philosophy: Do one thing and do it well!
simp_le --valid_min ${seconds?} -f cert.pemimplies thatcert.pemis valid for at at leastvalid_min. Register new ACME CA account if necessary. Issue new certificate if no previous key/certificate/chain found. Renew only if necessary.(Sophisticated) "manager" for
${webroot?}/.well-known/acme-challengeonly. No challenges other thanhttp-01. Existing web-server must be running already.No magical webserver auto-configuration.
Owner of
${webroot?}/.well-known/acme-challengemust be able to run the script, without privilege escalation (sudo,root, etc.).crontabfriendly: fully automatable - no prompts, etc.No configuration files. CLI flags as the sole interface! Users should write their own wrapper scripts or use shell aliases if necessary.
Support multiple domains with multiple roots. Always create single SAN certificate per
simp_lerun.Flexible storage capabilities. Built-in
simp_le -f fullchain.pem -f key.pem,simp_le -f chain.pem -f cert.pem -f key.pem, etc. Extensions throughsimp_le -f external_pem.sh.Do not allow specifying output file paths. Users should symlink if necessary!
No need to allow specifying an arbitrary command when renewal has happened, just check the exit code:
0if certificate data was created or updated;1if renewal not necessary;2in case of errors.
--server(support multiple CAs).Support for revocation.
Installation
sudo ./bootstrap.sh ./venv.sh . venv/bin/activate
Help
Have a look into ./examples/ and
github.com/kuba/simp_l….
If you're having problems you can chat with us on IRC (#simp_le at Freenode)
