diff options
author | siddharth <s@ricketyspace.net> | 2021-05-05 23:30:54 -0400 |
---|---|---|
committer | siddharth <s@ricketyspace.net> | 2021-05-05 23:30:54 -0400 |
commit | ddbb58bb5f141a93c7dcf85ebbccb7878ed1cdde (patch) | |
tree | 98a7a691b487f2db96d78a6540237e55ef54402f /README.md | |
parent | de395d368359d0f938e646bc7a32ba57388863f8 (diff) |
update README.md
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 46 |
1 files changed, 9 insertions, 37 deletions
@@ -23,53 +23,31 @@ pip install acmens ## getting/renewing a certificate -First, you need to generate an user account key for Let's Encrypt. -This is the key that you use to register with Let's Encrypt. If you -already have user account key with Let's Encrypt, you can skip this -step. +First, generate an user account key for Let's Encrypt: ```sh openssl genrsa -aes256 4096 > user.key openssl rsa -in user.key -pubout > user.pub ``` -Second, you need to generate the domain key and a certificate request. -This is the key that you will get signed for free for your domain (replace -"example.com" with the domain you own). If you already have a domain key -and CSR for your domain, you can skip this step. +Next, generate the domain key and a certificate request: ```sh # Generate domain key openssl genrsa -aes256 -out domain.key 4096 -# Generate CSR +# Generate CSR for a single domain openssl req -new -sha256 -key domain.key -out domain.csr -# Or Generate CSR with multiple domains +# Or Generate CSR for multiple domains openssl req -new -sha256 -key domain.key -subj "/" -addext "subjectAltName = DNS:example.com, DNS:www.example.com" > domain.csr ``` -Third, you run the script using python and passing in the path to your user -account private key, email address, and the domain CSR. The paths can be -relative or absolute. +Lastly, run `acmens`: ```sh acmens --account-key user.key --email mail@example.com --csr domain.csr > signed.crt ``` - -When you run the script, it will: - - - Register you with Let's Encrypt using the email address. - - - If the `user.key` is encrypted, openssl will ask for the passphrase every time - the private key is used for signing requests or data. - - - Ask you to provision a HTTP resource on your web server for the domain for - the ACME HTTP challenge. - - - Will write the certificate to `signed.crt` if ACME HTTP challenge is - successful. - ## dns challenge If you want to use the DNS challenge type provide it using the `--challenge` flag. @@ -82,16 +60,10 @@ This will prompt you to update the DNS records to add a TXT record. ## revoking a certificate -First, you will need to the user account key for Let's Encrypt that was used -when the certificate was signed. - -Second, you will need the PEM encoded signed certificate that was produced by -`acmens`. - -Third, you run the script using python and passing in the path to your user -account key and the signed domain certificate. The paths can be relative or -absolute. +This: ```sh -acmens --revoke -k user.key --crt domain.crt +acmens --revoke -k user.key --crt signed.crt ``` + +will revoke SSL certificate in `signed.crt`. |