Uacme


uacme is a lightweight client for the RFC8555 ACMEv2 protocol, written in plain C with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS). The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a popular one) and an applicant to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.

Installation

If you are using openSUSE Tumbleweed or Leap 15.3 or later, you can install uacme with zypper. There is no need to add a repository, because the package is provided in the standard repository:

zypper in uacme

How to use

As written on the GitHub page (https://github.com/ndilieto/uacme), uacme is a minimal tool. In fact, uacme itself has no support for challenges (http/dns etc.), so you should use it together with a hook program. If you want to use the http challenge (probably the most common case), you can use the hook program /usr/share/uacme/uacme.sh.

For example:

 # Create uacme directories
 mkdir /etc/ssl/uacme /etc/ssl/uacme/private
 # Create a new account key (using your mail address)
 uacme new mail_address@example.org
 # Create acme-challenge directory (-p also creates .well-known if it is missing)
 mkdir -p /srv/www/htdocs/.well-known/acme-challenge
 # Issue (replace "example.org" with your FQDN)
 # (If you want to issue a certificate for multiple FQDNs, specify them separated by spaces)
 uacme -h /usr/share/uacme/uacme.sh issue example.org

That's all. If the "uacme issue" command prints nothing, it was successful.

You can find the issued certificate at "/etc/ssl/uacme/example.org/cert.pem" and the corresponding private key at "/etc/ssl/uacme/private/example.org/key.pem".
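A check worth running after issuing, given here as an added example (it is not part of uacme or of the original page): it confirms that the certificate and key exist at the paths above, that the key file is readable by its owner only, and that the directories holding it are not writable by group or others. The function name check_uacme_layout and its optional base-directory argument are assumptions made for this example.

```shell
# Added example: audit the uacme file layout after "uacme issue".
# check_uacme_layout is a hypothetical helper, not a uacme command.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# $1 = FQDN, $2 = uacme base directory (default: /etc/ssl/uacme)
# Returns 0 if everything is in order, 1 otherwise (details on stderr).
check_uacme_layout() {
    domain=$1
    base=${2:-/etc/ssl/uacme}
    cert="$base/$domain/cert.pem"
    keydir="$base/private/$domain"
    key="$keydir/key.pem"
    rc=0

    if [ ! -s "$cert" ]; then
        echo "missing or empty certificate: $cert" >&2
        rc=1
    fi
    if [ ! -s "$key" ]; then
        echo "missing or empty private key: $key" >&2
        return 1
    fi

    # The key itself must carry no group/other permission bits at all.
    case $(mode_string "$key") in
        ????------) ;;
        *) echo "key readable beyond owner: $key (chmod 600)" >&2; rc=1 ;;
    esac

    # A group/other-writable parent directory lets someone else swap the key.
    for dir in "$base/private" "$keydir"; do
        case $(mode_string "$dir") in
            ?????w????|????????w?)
                echo "directory writable by group/others: $dir (chmod go-w)" >&2
                rc=1 ;;
        esac
    done
    return $rc
}

# Usage: check_uacme_layout example.org
```
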

FAQ

  • If you want to use a document root directory other than /srv/www/htdocs, specify the challenge directory with the "UACME_CHALLENGE_PATH" environment variable (the value must include "/.well-known/acme-challenge").

External links