目录
- vendorall: remove x/crypto/acme copy; move up cmd/acme9年前
- .drone.secci,version: add statically linked versioned binary9年前
- .drone.ymlci,version: add statically linked versioned binary9年前
- .gitignoreci,version: add statically linked versioned binary9年前
- CONTRIBUTING.mdInit10年前
- LICENSEInit10年前
- MakefileAdd support for building Illumos (Solaris) binary.9年前
- README.mdUpdate README.md for readability9年前
- cert.goRemove context deadline for manual challenges9年前
- config.goall: remove x/crypto/acme copy; move up cmd/acme9年前
- config_test.goall: remove x/crypto/acme copy; move up cmd/acme9年前
- main.goall: remove x/crypto/acme copy; move up cmd/acme9年前
- main_test.goall: remove x/crypto/acme copy; move up cmd/acme9年前
- reg.goall: upgrade to go1.79年前
- update.goall: upgrade to go1.79年前
- usage.goall: remove x/crypto/acme copy; move up cmd/acme9年前
- version.goBump version: solaris/amd64 support9年前
- who.goall: upgrade to go1.79年前
邀请码
版权所有:中国计算机学会技术支持:开源发展技术委员会
京ICP备13000930号-9
京公网安备 11010802032778号
acme
A simple command line tool to manage TLS certificates with ACME-compliant CAs, which has no third party dependencies.
If you’re looking for a package to import in your program,
golang.org/x/crypto/acmeorgolang.org/x/crypto/acme/autocertis what you’ll want instead.This package is a work in progress and makes no API stability promises.
Usage
Quick install with
go get -u github.com/google/acmeor download a pre-built binary from the releases page.The release binaries have an additional command,
acme version, which reports the release version.The easiest is to let the
acmetool generate it for you:If you want to generate a key manually:
The latter version assumes that default
acmeconfig dir is~/.config/acme. Yours may vary. Check withacme help reg.The “mailto:email@example.com“ in the example above is a contact argument. While some ACME CA may let you register without providing any contact info, it is recommended to use one. For instance a CA might need to notify cert owners with an update.
Before requesting your first certificate, you may need to accept the terms of the CA. You can check the status of your account with:
and look for the “Accepted: …” line. If it says “no”, check the CA’s terms document provided as a link in “Terms: …” field and agree by executing:
The easiest way to do this is:
The above command will generate a new certificate key (unless one already exists), and send a certificate request. The location of the output files is
~/.config/acme, but depends on your environment. You can check this location withacme help cert.If you don’t want to auto-generate a cert key, one can always be generated upfront:
in which case the cert command will look something like this:
Note that for the certificate request command to succeed, it needs to be executed in a way allowing for resolving authorization challenges (domain ownership proof). This typically means the command should be executed on the same host the domain is served from.
If the latter is not possible, use the
-manualflag and follow the instructions:License
(c) Google, 2015. Licensed under Apache-2 license.
This is not an official Google product.