Simple Let's Encrypt Client
Project description
Simple Let’s Encrypt client.
simp_le --email you@example.com -f account_key.json \
-f fullchain.pem -f key.pem \
-d example.com -d www.example.com --default_root /var/www/html \
-d example.net:/var/www/other_html
For more info see simp_le --help.
N.B. this was originally a fork of https://github.com/kuba/simp_le, which is unmaintained and has some breakage due to bitrot. Thanks to @kuba for the original implementation.
Manifesto
UNIX philosophy: Do one thing and do it well!
simp_le --valid_min ${seconds?} -f cert.pem implies that cert.pem is valid for at at least valid_min (defaults to 2592000 seconds / 30 days). Register new ACME CA account if necessary. Issue new certificate if no previous key/certificate/chain found. Renew only if necessary.
(Sophisticated) “manager” for ${webroot?}/.well-known/acme-challenge only. No challenges other than http-01. Existing web-server must be running already.
No magical webserver auto-configuration.
Owner of ${webroot?}/.well-known/acme-challenge must be able to run the script, without privilege escalation (sudo, root, etc.).
crontab friendly: fully automatable - no prompts, etc.
No configuration files. CLI flags as the sole interface! Users should write their own wrapper scripts or use shell aliases if necessary.
Support multiple domains with multiple roots. Always create single SAN certificate per simp_le run.
Flexible storage capabilities. Built-in simp_le -f fullchain.pem -f key.pem, simp_le -f chain.pem -f cert.pem -f key.pem, etc. Extensions through simp_le -f external.sh.
Do not allow specifying output file paths. Users should symlink if necessary!
No need to allow specifying an arbitrary command when renewal has happened, just check the exit code:
0 if certificate data was created or updated;
1 if renewal not necessary;
2 in case of errors.
--server (support multiple CAs).
Support for revocation.
Implicit agreement to the selected ACME CA’s terms of service.
Installation
sudo ./bootstrap.sh
./venv.sh
export PATH=$PWD/venv/bin:$PATH
Usage with Docker
If you want to use simp_le with Docker, have a look at simp_le for Docker.
Help
Have a look into ./examples/ and https://github.com/zenhack/simp_le/wiki/Examples.
If you’re having problems you can chat with us on IRC (#simp_le at Freenode)
Change Log
Below is a summary of changes introduced in each release. Any user-visible changes must be recorded here. Note that the topmost entry sometimes represents the next (i.e. not yet released) version.
Releases occur approximately every two months, unless there is a pressing need to do otherwise (e.g. security & serious bug fixes).
0.8.0
Drop official support for Python 2.6
Upgrade acme to 0.22.x
0.7.0
Remove the ToS hash comparison, implicitly agree to CA’s ToS if present
Add check for empty or corrupt cert/key files
Add some sanity checks for email syntax
Upgrade acme to 0.20.x
0.6.2
Implement the future-proofing mentioned in the 0.6.1 release notes. Future TOS changes should not break simp_le >= 0.6.2
0.6.1
Update the hash for the letsencrypt TOS. The TOS changed on November 15th, which broke previous releases. Future releases will not hard-code the hash, which should avoid this sort of problem in the future.
0.6.0
Drop official support for Python 3.3.
Disable self-verification; this was highly unreliable and resulted in spurrious warnings.
Improve argument sanity-checks and error messages.
Save account_key.json, even on failures
Clean temporary challenge files.
Upgrade acme to 0.19.x
0.5.1
Add a workaround for some installation problems caused by a bug in pip
0.5.0
Upgrade acme to 0.17.x
0.4.0
Upgrade acme to 0.16.x
0.3.0
Fix a bug where the version number was incorrectly reported
Upgrade acme to 0.15.x
0.2.0
Upgrade to acme 0.11.x
0.1.1
Change the package name; the original maintainer owns the simp_le PyPI package, and hasn’t responded to requests to transfer it, so the package name is now ‘simp_le-client’.
0.1.0
First release
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.