GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects β†’ costela β†’ wile

costela / wile

Licence: GPL-3.0 license
Stripped down letsencrypt (ACME) client

Programming Languages

python
139335 projects - #7 most used programming language

Labels

clisslclientsecuritycertificateacme

Projects that are alternatives of or similar to wile

ACMECert
PHP client library for Let's Encrypt (ACME v2 - RFC 8555)
Stars: ✭ 83 (+453.33%)
Mutual labels:  ssl, certificate, acme
Acmetool
πŸ”’ acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Stars: ✭ 1,882 (+12446.67%)
Mutual labels:  ssl, certificate, acme
freshcerts
ACME certificate protocol (Let's Encrypt) proxy client with a dashboard and monitoring
Stars: ✭ 59 (+293.33%)
Mutual labels:  ssl, certificate, acme
Crypt Le
Crypt::LE - Let's Encrypt / Buypass / ACME client and library in Perl for obtaining free SSL certificates (inc. generating RSA/ECC keys and CSRs). HTTP/DNS verification is supported out of the box, easily extended with plugins, easily dockerized.
Stars: ✭ 277 (+1746.67%)
Mutual labels:  ssl, certificate, acme
qiniu-auto-cert
七牛 CDN 证书θ‡ͺεŠ¨εŒ–ε·₯ε…·
Stars: ✭ 20 (+33.33%)
Mutual labels:  ssl, certificate, acme
Certificaat
General-purpose ACME client
Stars: ✭ 88 (+486.67%)
Mutual labels:  ssl, certificate, acme
Acme client
Java ACME Client application
Stars: ✭ 77 (+413.33%)
Mutual labels:  ssl, certificate, acme
Pki
The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
Stars: ✭ 97 (+546.67%)
Mutual labels:  ssl, certificate, acme
Mutual Tls Ssl
πŸ” Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual mutual authentication for a java based web server and a client with both Spring Boot. Different clients are provided such as Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k, Kohttp and ktor. Also other server examples are available such as jersey with grizzly. Also gRPC examples are included
Stars: ✭ 163 (+986.67%)
Mutual labels:  ssl, certificate
Sslfie
Generate self-signed x.509 certificates for use with SSL/TLS
Stars: ✭ 169 (+1026.67%)
Mutual labels:  ssl, certificate
acme2
Another PHP client for acme protocal (version 2) implementation, used for generating letsencrypt's free ssl certificates.
Stars: ✭ 45 (+200%)
Mutual labels:  ssl, certificate
Cert
Cert is the Go tool to get TLS certificate information.
Stars: ✭ 166 (+1006.67%)
Mutual labels:  ssl, certificate
Bubbly
Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.
Stars: ✭ 213 (+1320%)
Mutual labels:  ssl, certificate
Manuale
A fully manual Let's Encrypt/ACME client
Stars: ✭ 201 (+1240%)
Mutual labels:  ssl, acme
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (+800%)
Mutual labels:  ssl, certificate
Ssl exporter
Exports Prometheus metrics for SSL certificates
Stars: ✭ 211 (+1306.67%)
Mutual labels:  ssl, certificate
Certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates.
Stars: ✭ 1,689 (+11160%)
Mutual labels:  ssl, certificate
Terraform Provider Acme Old
ACME (Let's Encrypt) Support for Terraform
Stars: ✭ 211 (+1306.67%)
Mutual labels:  ssl, acme
Acme Nginx
python acme client for nginx
Stars: ✭ 248 (+1553.33%)
Mutual labels:  ssl, certificate
AzureWebAppSSLManager
Acquires and manages free SSL certificates for Azure Web App and Azure Functions applications.
Stars: ✭ 70 (+366.67%)
Mutual labels:  ssl, acme
View All Similar Projects βž”

Build Status PyPI version

⚠ UNMAINTAINED AND DEPRECATED

This code was a nice exercise, but it has been undermaintained for a while and multiple better alternatives are available. Please consider switching.

Overview

Wile is a simple Let's Encrypt (ACME) client that only supports the "webroot" method of validation. It only needs access to the root folder serving the domains in question. Specifically, it only needs access to the .well-known sub-folder and therefore doesn't need permission to access the actual website's content.

The .well-known folder must also be accessible from external sources. I.e.: if you run a reverse proxy for some backend application, it should include an exception for this folder.

Usage

Generating a certificate request

Simple anonymous certificate request:

$ wile cert request example.com:/var/www/example.com/

Registration with contact information, and saving certs to some other location (by default the certificate is saved to current folder):

$ wile register -e [email protected]
$ wile cert request --output-dir /etc/ssl/private/ example.com:/var/www/example.com/

Certificate request using remote webroot validation of SSH/SFTP:

$ wile cert request example.com:[email protected]:/var/www/example.com/

Syntax for remote webroot validation argument is: DOMAIN:[[[USER@]HOST[:PORT]:]PATH].

Storing remote webroot validation is done via SFTP using SSH public key authentication. You can explicitly define path to your private key using --ssh-private-key option. Also, if your private key has been secured with a password you must provide your private key password using an ENV variable (WILE_SSH_PASS='<your password>'). Note that there are single quotes around the password so that your shell doesn't try to expand the symbols within the password.

Note that you can also pass multiple domains with a single document root, which creates a certificate with Subject Alternative Names.

$ wile cert request example.com:/var/www/example.com/ www.example.com

In case of a remote webroot validation:

$ wile cert request example.com:[email protected]:/var/www/example.com/ www.example.com

Revoking a certificate

Simple anonymous certificate revocation:

$ wile cert revoke /etc/ssl/private/example.com.crt

Certificate renewal

By default, no new request will be made if wile detects an existing certificate for the same requested domains with a validity of at least 1 week. This can be changed with the --min-valid-time and --force options.

This way a simple daily cronjob is enough to ensure certificate freshness and should make renewals resiliant against moderate letsencrypt API downtime.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].