========================================
lecm: Let's Encrypt Certificates Manager
========================================

|buildstatus|_ |release|_ |versions|_


`Let's Encrypt`_ Certificates Manager (lecm) is a
utility that manages (generates and renews) Let's Encrypt SSL
certificates.

Goal
----

The goal of ``lecm`` is to be able to generate and renew
`Let's Encrypt`_ SSL certificates automatically.

``lecm`` is configuration driven. Each certificate that needs to be managed
is described in the configuration file.

Installation
------------

Using pypi
^^^^^^^^^^

You just need to

``$ pip install lecm``

Debian-based distro (Debian, Ubuntu, …)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

There is an `official Debian package for lecm`_:

``$ sudo apt-get install lecm``

How to run it
-------------

``lecm`` is configuration driven. The configuration file used is, in order of
priority:

1. The one specified on the command line (``lecm --conf /path/to/conf.yml``)
2. The one specified in the environment variable ``$LECM_CONFIGURATION``
3. ``/etc/lecm.conf``

``lecm`` supports various commands:


``--generate``
^^^^^^^^^^^^^^

``lecm --generate`` will generate SSL certificates for items listed in the
configuration file that are not present in the filesystem.


``--renew``
^^^^^^^^^^^

``lecm --renew`` will renew SSL certificates already present on the filesystem
if their expiry date is lower than the ``remaining_days`` value.


``--force``
^^^^^^^^^^^

``lecm --force`` will force the regeneration or renewal of SSL certificates, even
if their expiry date is not lower than the ``remaining_days`` value.


``--list``
^^^^^^^^^^

``lecm --list`` will display basic information about currently configured items.


.. code-block::

    +----------+----------------------------------+---------------+------------------------------------------------------------------+-----------------------------------------------------------+------+
    | In Sync  | Item                             | Status        | subjectAltName                                                   | Location                                                  | Days |
    +----------+----------------------------------+---------------+------------------------------------------------------------------+-----------------------------------------------------------+------+
    | True     | lecm-test.distributed-ci.io      | Generated     | DNS:lecm-test.distributed-ci.io                                  | /etc/letsencrypt/pem/lecm-test.distributed-ci.io.pem      | 89   |
    | False    | lecm-test-test.distributed-ci.io | Not-Generated | DNS;lecm-test-test.distributed-ci.io,DNS:lecm.distributedi-ci.io | /etc/letsencrypt/pem/lecm-test-test.distributed-ci.io.pem | N/A  |
    +----------+----------------------------------+---------------+------------------------------------------------------------------+-----------------------------------------------------------+------+


``--list-details``
^^^^^^^^^^^^^^^^^^

``lecm --list-details`` will display detailed information about currently configured items.

.. code-block::

    +----------+----------------------------------+---------------+------------------------------------------------------------------+---------------------------+--------------+-----------------------------------------------------------+------+------+--------+------+
    | In Sync  | Item                             | Status        | subjectAltName                                                   | emailAddress              | Environment  | Location                                                  | Type | Size | Digest | Days |
    +----------+----------------------------------+---------------+------------------------------------------------------------------+---------------------------+--------------+-----------------------------------------------------------+------+------+--------+------+
    | True     | lecm-test.distributed-ci.io      | Generated     | DNS:lecm-test.distributed-ci.io                                  | distributed-ci@redhat.com | production   | /etc/letsencrypt/pem/lecm-test.distributed-ci.io.pem      | RSA  | 4096 | sha256 | 89   |
    | False    | lecm-test-test.distributed-ci.io | Not-Generated | DNS;lecm-test-test.distributed-ci.io,DNS:lecm.distributedi-ci.io | distributed-ci@redhat.com | staging      | /etc/letsencrypt/pem/lecm-test-test.distributed-ci.io.pem | RSA  | 2048 | sha256 | N/A  |
    +----------+----------------------------------+---------------+------------------------------------------------------------------+---------------------------+--------------+-----------------------------------------------------------+------+------+--------+------+


Configuration
-------------

Every parameter is applicable either globally or within the scope of a certificate. The most specific setting wins.

+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| Parameter              | Scope               | Default           | Description                                                                   |
+========================+=====================+===================+===============================================================================+
| path                   | global, certificate | None              | Folder where all the relevant files will reside                               |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| type                   | global, certificate | RSA               | Type of the key to generate (Possible: RSA, DSA)                              |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| size                   | global, certificate | 4096              | Size of the key to generate                                                   |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| digest                 | global, certificate | sha256            | Digest of the key to generate                                                 |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| version                | global, certificate | 3                 | Version of the SSL Certificate to generate                                    |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| subjectAltName         | global, certificate | None              | subjectAltName value of the Certificate Signing Request (csr)                 |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| countryName            | global, certificate | None              | countryName value of the Certificate Signing Request (csr)                    |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| stateOrProvinceName    | global, certificate | None              | stateOrProvinceName value of the Certificate Signing Request (csr)            |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| localityName           | global, certificate | None              | localityName value of the Certificate Signing Request (csr)                   |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| organizationName       | global, certificate | None              | organizationName value of the Certificate Signing Request (csr)               |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| organizationalUnitName | global, certificate | None              | organizationalUnitName value of the Certificate Signing Request (csr)         |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| commonName             | global, certificate | None              | commonName value of the Certificate Signing Request (csr)                     |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| emailAddress           | global, certificate | None              | emailAddress value of the Certificate Signing Request (csr)                   |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| account_key_name       | global, certificate | account_$fqdn.key | Name of the account key to generate                                           |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| remaining_days         | global, certificate | 10                | Number of days of validity below which the SSL Certificate should be renewed  |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| service_name           | global, certificate | httpd             | Service that needs to be reloaded for the change to be taken in consideration |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| service_provider       | global, certificate | systemd           | Service management system (Possible: systemd, sysv)                           |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+
| environment            | global, certificate | production        | Let's Encrypt environment to use (Possible: production, staging)              |
+------------------------+---------------------+-------------------+-------------------------------------------------------------------------------+


Configuration file example
--------------------------

.. code-block::

    ---
    path: /etc/letsencrypt

    certificates:
      my.example.com:
      app.example.com:
        subjectAltName:
          - app.example.com
          - app1.example.com
          - app2.example.com

More examples can be found in the ``sample/`` directory.
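
The sketch below is an added example, not lecm's own code: it shows how the configuration file priority, the "most specific setting wins" rule and the ``remaining_days`` renewal threshold fit together. The function names, the per-certificate overrides in the sample mapping and the strict "fewer than ``remaining_days`` days left" comparison are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta, timezone

# Defaults copied from the parameter table above (subset).
DEFAULTS = {"type": "RSA", "size": 4096, "digest": "sha256",
            "remaining_days": 10, "service_name": "httpd",
            "service_provider": "systemd", "environment": "production"}


def config_path(cli_conf=None, environ=None):
    """Pick the configuration file in the documented priority order."""
    environ = os.environ if environ is None else environ
    return cli_conf or environ.get("LECM_CONFIGURATION") or "/etc/lecm.conf"


def effective_settings(conf, name):
    """Merge defaults < global scope < certificate scope for one item."""
    global_scope = {k: v for k, v in conf.items() if k != "certificates"}
    # A bare "my.example.com:" key parses to None, hence the "or {}".
    cert_scope = conf.get("certificates", {}).get(name) or {}
    return {**DEFAULTS, **global_scope, **cert_scope}


def needs_renewal(settings, not_after, now, force=False):
    """Assumed rule: renew when fewer than remaining_days days are left."""
    days_left = (not_after - now).days
    return force or days_left < settings["remaining_days"]


# Constructed sample: the example configuration above as a parsed mapping,
# with two per-certificate overrides added for illustration.
SAMPLE_CONF = {
    "path": "/etc/letsencrypt",
    "certificates": {
        "my.example.com": None,
        "app.example.com": {
            "subjectAltName": ["app.example.com", "app1.example.com",
                               "app2.example.com"],
            "remaining_days": 30,
            "environment": "staging",
        },
    },
}

if __name__ == "__main__":
    now = datetime(2016, 11, 18, tzinfo=timezone.utc)
    expiry = now + timedelta(days=20)  # constructed notAfter date
    for name in SAMPLE_CONF["certificates"]:
        s = effective_settings(SAMPLE_CONF, name)
        print(name, s["environment"], needs_renewal(s, expiry, now))
```

With 20 days of validity left, only the certificate whose own ``remaining_days`` is 30 is due for renewal; the other inherits the default of 10.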

Httpd and Nginx
---------------

``lecm`` does not configure the web servers; they must already be
configured to answer the challenges.

httpd
^^^^^

.. code-block::

    Alias /.well-known/acme-challenge /etc/letsencrypt/challenges/my.example.com
    <Directory /etc/letsencrypt/challenges/my.example.com>
        Require all granted
    </Directory>


nginx
^^^^^

.. code-block::

    location /.well-known/acme-challenge/ {
        alias /etc/letsencrypt/challenges/my.example.com/;
        try_files $uri =404;
    }


.. |buildstatus| image:: https://img.shields.io/travis/Spredzy/lecm/master.svg
.. _buildstatus: https://travis-ci.org/Spredzy/lecm

.. |release| image:: https://img.shields.io/pypi/v/lecm.svg
.. _release: https://pypi.python.org/pypi/lecm

.. |versions| image:: https://img.shields.io/pypi/pyversions/lecm.svg
.. _versions: https://pypi.python.org/pypi/lecm

.. _Let's Encrypt: https://letsencrypt.org/
.. _official Debian package for lecm: https://tracker.debian.org/pkg/lecm

Release History
---------------

0.0.7 (this version), 0.0.6, 0.0.5, 0.0.4, 0.0.3, 0.0.2, 0.0.1

Download Files
--------------

lecm-0.0.7.tar.gz (12.0 kB), source, uploaded Nov 18, 2016