summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsiddharth <s@ricketyspace.net>2021-05-05 23:30:54 -0400
committersiddharth <s@ricketyspace.net>2021-05-05 23:30:54 -0400
commitddbb58bb5f141a93c7dcf85ebbccb7878ed1cdde (patch)
tree98a7a691b487f2db96d78a6540237e55ef54402f
parentde395d368359d0f938e646bc7a32ba57388863f8 (diff)
update README.md
-rw-r--r--README.md46
1 files changed, 9 insertions, 37 deletions
diff --git a/README.md b/README.md
index 7799b9f..d638a93 100644
--- a/README.md
+++ b/README.md
@@ -23,53 +23,31 @@ pip install acmens
## getting/renewing a certificate
-First, you need to generate an user account key for Let's Encrypt.
-This is the key that you use to register with Let's Encrypt. If you
-already have user account key with Let's Encrypt, you can skip this
-step.
+First, generate an user account key for Let's Encrypt:
```sh
openssl genrsa -aes256 4096 > user.key
openssl rsa -in user.key -pubout > user.pub
```
-Second, you need to generate the domain key and a certificate request.
-This is the key that you will get signed for free for your domain (replace
-"example.com" with the domain you own). If you already have a domain key
-and CSR for your domain, you can skip this step.
+Next, generate the domain key and a certificate request:
```sh
# Generate domain key
openssl genrsa -aes256 -out domain.key 4096
-# Generate CSR
+# Generate CSR for a single domain
openssl req -new -sha256 -key domain.key -out domain.csr
-# Or Generate CSR with multiple domains
+# Or Generate CSR for multiple domains
openssl req -new -sha256 -key domain.key -subj "/" -addext "subjectAltName = DNS:example.com, DNS:www.example.com" > domain.csr
```
-Third, you run the script using python and passing in the path to your user
-account private key, email address, and the domain CSR. The paths can be
-relative or absolute.
+Lastly, run `acmens`:
```sh
acmens --account-key user.key --email mail@example.com --csr domain.csr > signed.crt
```
-
-When you run the script, it will:
-
- - Register you with Let's Encrypt using the email address.
-
- - If the `user.key` is encrypted, openssl will ask for the passphrase every time
- the private key is used for signing requests or data.
-
- - Ask you to provision a HTTP resource on your web server for the domain for
- the ACME HTTP challenge.
-
- - Will write the certificate to `signed.crt` if ACME HTTP challenge is
- successful.
-
## dns challenge
If you want to use the DNS challenge type provide it using the `--challenge` flag.
@@ -82,16 +60,10 @@ This will prompt you to update the DNS records to add a TXT record.
## revoking a certificate
-First, you will need to the user account key for Let's Encrypt that was used
-when the certificate was signed.
-
-Second, you will need the PEM encoded signed certificate that was produced by
-`acmens`.
-
-Third, you run the script using python and passing in the path to your user
-account key and the signed domain certificate. The paths can be relative or
-absolute.
+This:
```sh
-acmens --revoke -k user.key --crt domain.crt
+acmens --revoke -k user.key --crt signed.crt
```
+
+will revoke SSL certificate in `signed.crt`.