letsencrypt_gencsr 0.2.0

Command line utility to generate a csr for letsencrypt from a preexisting key

# Letsencrypt GenCSR #

A very fin wrapper around letsencrypt which allows the construction of a CSR which is compatible with the letsencrypt toolchain.

Use this, if you don’t want to generate new private keys every time when requesting letsencrypt certificates. Even though this is generally a good security practice it might be problematic when using public key pinning.

## Installation ##

` pip install letsencrypt_gencsr `

## Usage ##

` letsencrypt-gencsr-helper gencsr --key privkey.pem -d my.awesome.domain.net awesome.domain.net domain.net -o request.csr `

This generates form the given key “privkey.pem” and the domains “my.awesome.domain.net”, “awesome.domain.net” and “domain.net” a CSR file (in request.csr) compatible with letsencrypt which can be passed to the toolchain through the –csr flag:

` letsencrypt certonly --csr request.csr --webroot --renew-by-default --agree-tos -w /var/www `

## Letsencrypt proxy ##

As of Version 0.2.0 the letsencrypt-gencsr-helper acts as a proxy of the letsencrypt cli interface and has the same commands.

This is done to support the additional –private-key parameter. It allows to feed a pre defined private key to the certonly certificate request:

` letsencrypt-gencsr-helper certonly --private-key privatekey.pem --webroot -w /var/www -d example.com `

Of course the same functionality also works with the run command.

## License ##

The application is licensed under the [MIT license](http://opensource.org/licenses/MIT). The used letsencrypt library is licensed under the [Apache 2.0 license](http://opensource.org/licenses/apache-2.0).