lencr

v0.0.0-...-34a663e
Published: Jul 2, 2023 License: 0BSD Imports: 16 Imported by: 0

README

Command lencr generates certificates from ACME-based CAs, such as Let's Encrypt.

Usage

Install the command:

go install go.growl.space/lencr@latest

Run lencr -h for details on usage. The output of lencr -h at the time of writing is below.

usage: lencr [optional flags] [-a dir] [-d domain ...]

Required flags:
  -a dir     directory to write ACME HTTP-01 challenge files
  -d domain  domain to make certificate for (can be repeated)

Optional flags:
  -c       delete ACME challenge files on exit (default true)
  -k file  CA account key, PEM-encoded RSA (defaults to an ephemeral key)
  -o dir   output directory for cert.pem and key.pem files (default ".")
  -u url   CA directory endpoint (defaults to Let's Encrypt production)
  -v       log verbosely

The -a flag specifies the directory to which the command should write ACME HTTP-01 challenge files. An external HTTP server should be running to respond to the corresponding ACME challenge requests for each specified domain.
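A minimal server for that role, as an added example (not part of lencr or its README): it serves the files in the -a directory under /.well-known/acme-challenge/ and answers 404 to any request whose last path segment is not a plain base64url token. It assumes each challenge file is named after its token; challengeHandler and the challenge-server command name are hypothetical.

```go
// Added example: serve the HTTP-01 challenge files that lencr writes to its -a directory.
package main

import (
	"log"
	"net/http"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// urlPrefix is the path an ACME CA requests during HTTP-01 validation (RFC 8555, section 8.3).
const urlPrefix = "/.well-known/acme-challenge/"

// tokenRE accepts only base64url characters, the alphabet ACME tokens use.
// Anything containing a slash, dot or percent sign is rejected before touching the disk.
var tokenRE = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// challengeHandler serves files from dir (the directory passed to lencr -a).
// Assumption: each file in dir is named after its challenge token.
func challengeHandler(dir string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.URL.Path, urlPrefix)
		if r.Method != http.MethodGet || !strings.HasPrefix(r.URL.Path, urlPrefix) || !tokenRE.MatchString(token) {
			http.NotFound(w, r)
			return
		}
		body, err := os.ReadFile(filepath.Join(dir, token))
		if err != nil {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "application/octet-stream")
		w.Write(body)
	})
}

func main() {
	// Assumed invocation: challenge-server <dir>; the CA connects on port 80.
	if len(os.Args) != 2 {
		log.Fatal("usage: challenge-server dir")
	}
	mux := http.NewServeMux()
	mux.Handle(urlPrefix, challengeHandler(os.Args[1]))
	log.Fatal(http.ListenAndServe(":80", mux))
}
```

Because the handler reads only file names that match the token pattern, nothing outside the challenge directory is reachable through it, whatever else is stored on the host.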

The -d flag specifies the domain to generate the certificate for. Multiple domains can be specified by repeating the flag (see example below).

For most use cases the order of domains on the command line does not matter, because all specified domains are included in the certificate's SAN field. Note, however, that the first domain specified on the command line is the one listed in the certificate's CN field.

By default, the command generates an ephemeral account key to use with the certificate authority (CA) on each invocation. The optional -k flag can be used to specify an existing account key instead. The key file, if specified, must contain a PEM-encoded RSA private key.

The generated full chain certificate file (cert.pem) and key file (key.pem) are written to the current directory by default. The output directory can be controlled using the optional -o flag. The names of the output files cannot be configured.

By default, certificates generated by the command are signed by the Let's Encrypt production service. The optional -u flag can be used to specify an alternate ACME-based CA directory endpoint; that CA's service is then used to sign the certificate instead. For reference, the Let's Encrypt production URL is https://acme-v02.api.letsencrypt.org/directory and the Let's Encrypt staging URL is https://acme-staging-v02.api.letsencrypt.org/directory. The staging service should be used when testing your configuration; it also has more lenient rate limits.

Example

The following example generates a certificate and key pair for three domains, namely littleroot.org, growl.space, and blog.growl.space.

$ lencr -v -a $HOME/http/well-known/acme-challenge \
    -d littleroot.org \
    -d growl.space \
    -d blog.growl.space
