From ddbb58bb5f141a93c7dcf85ebbccb7878ed1cdde Mon Sep 17 00:00:00 2001 From: siddharth Date: Wed, 5 May 2021 23:30:54 -0400 Subject: update README.md --- README.md | 46 +++++++++------------------------------------- 1 file changed, 9 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 7799b9f..d638a93 100644 --- a/README.md +++ b/README.md 
@@ -23,53 +23,31 @@ pip install acmens ## getting/renewing a certificate -First, you need to generate an user account key for Let's Encrypt. -This is the key that you use to register with Let's Encrypt. If you -already have user account key with Let's Encrypt, you can skip this -step. +First, generate an user account key for Let's Encrypt: ```sh openssl genrsa -aes256 4096 > user.key openssl rsa -in user.key -pubout > user.pub ``` -Second, you need to generate the domain key and a certificate request. -This is the key that you will get signed for free for your domain (replace -"example.com" with the domain you own). If you already have a domain key -and CSR for your domain, you can skip this step. +Next, generate the domain key and a certificate request: ```sh # Generate domain key openssl genrsa -aes256 -out domain.key 4096 -# Generate CSR +# Generate CSR for a single domain openssl req -new -sha256 -key domain.key -out domain.csr -# Or Generate CSR with multiple domains +# Or Generate CSR for multiple domains openssl req -new -sha256 -key domain.key -subj "/" -addext "subjectAltName = DNS:example.com, DNS:www.example.com" > domain.csr ``` -Third, you run the script using python and passing in the path to your user -account private key, email address, and the domain CSR. The paths can be -relative or absolute. +Lastly, run `acmens`: ```sh acmens --account-key user.key --email mail@example.com --csr domain.csr > signed.crt ``` - -When you run the script, it will: - - - Register you with Let's Encrypt using the email address. - - - If the `user.key` is encrypted, openssl will ask for the passphrase every time - the private key is used for signing requests or data. - - - Ask you to provision a HTTP resource on your web server for the domain for - the ACME HTTP challenge. - - - Will write the certificate to `signed.crt` if ACME HTTP challenge is - successful. - ## dns challenge If you want to use the DNS challenge type provide it using the `--challenge` flag. 
@@ -82,16 +60,10 @@ This will prompt you to update the DNS records to add a TXT record. ## revoking a certificate -First, you will need to the user account key for Let's Encrypt that was used -when the certificate was signed. - -Second, you will need the PEM encoded signed certificate that was produced by -`acmens`. - -Third, you run the script using python and passing in the path to your user -account key and the signed domain certificate. The paths can be relative or -absolute. +This: ```sh -acmens --revoke -k user.key --crt domain.crt +acmens --revoke -k user.key --crt signed.crt ``` + +will revoke SSL certificate in `signed.crt`. -- cgit v1.2.3
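Review bot: In the first hunk (getting/renewing a certificate), deleting the "When you run the script, it will:" list leaves the run-time behaviour undocumented while the commands that trigger it stay. Both keys are still generated with `-aes256`, so the removed note that openssl asks for the passphrase every time the private key is used for signing still applies, as does the step where the user must provision an HTTP resource for the ACME HTTP challenge. I would keep a short version of those two bullets under the `acmens --account-key ...` example. The shortened text also drops the "If you already have ... you can skip this step" hints; without them a reader with an existing account key may run `openssl genrsa ... > user.key` again and overwrite it, so one sentence saying to reuse an existing `user.key` would help. Minor: "generate an user account key" should read "generate a user account key".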
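Review bot: In the second hunk (revoking a certificate), the new text no longer says which account key is required: the removed lines stated that it must be the user account key that was used when the certificate was signed, and that the certificate must be the PEM encoded one produced by `acmens`. Changing `--crt domain.crt` to `--crt signed.crt` matches the output file name from the issuance example, which is good, but I would keep one sentence with those two preconditions. The example also uses `-k user.key` where the issuance example uses `--account-key user.key`; using the same flag form in both places would be easier to follow. Wording: "This: ... will revoke SSL certificate in `signed.crt`." is split around the code block and is missing an article; a lead-in such as "To revoke the certificate in `signed.crt`:" placed before the block reads better.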