neuralspaz / go-acme-client Goto Github PK

acme-client is an ACME client (the prococol behind https://letsencrypt.org/) which tries to take away the magic; it needs manual handling of the challenge response, although it aids the administrator in the process.

The security benefit is that the registration (consisting of a private key) can be kept offline, instead of keeping it on the live server as intended by the letsencrypt project.

THIS PROJECT IS STILL EXPERIMENTAL; EACH UPDATE MIGHT BREAK THE LOCAL STORAGE.

(Setup GOPATH first; something like export GOPATH=$HOME/go)

go get github.com/stbuehler/go-acme-client/acme-client

For now the binary will put persistent data into storage.sqlite3 in the current working directory, so always run it from the same working directory.

$GOPATH/bin/acme-client register

The password is used for local encryption of your private key (which is used to sign your requests) and other data.

$GOPATH/bin/acme-client authorize example.com

It will show various challenges and combinations. You need to satisfy at least on combination (i.e. all challenges part of it).

Select the challenge you want to respond to (simpleHttp involves serving a static file, dvsni setting up a "fake" vhost with a SSL certificate), and follow the instructions.

$GOPATH/bin/acme-client certificate

It takes an optional private key, otherwise it will generate one (by default a 2048-bit RSA key).

It will ask interactively for the domain names you want the certificate to be valid for (the first one will also be used in the Common Name).