Rewrite of acme-tiny in Perl
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
Přemysl Eric Janouch e4d159853e
Name change
3 years ago
LICENSE Name change 3 years ago
README.adoc Update README, add LICENSE 5 years ago
acme-tinier.pl Support HTTP/2 responses 4 years ago

README.adoc

acme-tinier

acme-tinier is a simplified rewrite of acme-tiny in Perl, since Python 3 wanted to take 125 MiB of space on my machine while Perl is practically everywhere and the JSON::PP package seems to be present in most of its default installations.

It is not likely to work with any other provider than Lets Encrypt, as the ACME protocol hasnt been finalised yet and there have been plenty of changes to it already.

Usage

The following is a minimal script to generate a key and a corresponding certificate using Lets Encrypt, assuming that a web server is properly set up to serve the ACME_DIR and the user running this, which should in no way be the root user, can place files in there:

#!/bin/sh -ex
[ -f account.key ] || openssl genrsa 4096 > account.key
[ -f intermediate.pem ] || curl -o intermediate.pem \
	https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

DOMAIN=example.com

[ -f $DOMAIN.key ] || openssl genrsa 4096 > $DOMAIN.key
openssl req -new -sha256 -key $DOMAIN.key -nodes \
	-subj "/CN=$DOMAIN/emailAddress=me@example.com" > $DOMAIN.csr

ACME_DIR=/srv/http/acme-challenge \
ACCOUNT_KEY=account.key \
ACME_CA='https://acme-staging.api.letsencrypt.org' \
./acme-tinier.pl $DOMAIN.csr > $DOMAIN.crt
cat intermediate.pem >> $DOMAIN.crt

The Perl script itself is under 200 hundred lines of code, which is also the upper limit for development, and you are advised to study it before use.

Contributing and Support

Use https://git.janouch.name/p/acme-tinier to report any bugs, request features, or submit pull requests. git send-email is tolerated. If you want to discuss the project, feel free to join me at ircs://irc.janouch.name, channel #dev.

Bitcoin donations are accepted at: 12r5uEWEgcHC46xd64tt3hHt9EUvYYDHe9

License

This software is released under the terms of the 0BSD license, the text of which is included within the package along with the list of authors.