Jump to: navigation, search

lightweight client for the RFC8555 ACMEv2 protocol, written in plain C with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS). The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a popular one) and an applicant to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.


If you are using openSUSE Tumbleweed or Leap 15.3 or later, you can install with zypper (no need to add repository, provided in standard repository):

zypper in uacme

How to use

As written in the github page (, uacme is a minimal tool. In fact, there is no support for challenges (http/dns etc.) in uacme itself, so you should use together with hook programs. If you want to use http challange (probably this is the most common case), you can use the hook program /usr/share/uacme/

For example:

 # Create uacme directories
 mkdir /etc/ssl/uacme /etc/ssl/uacme/private 
 # Create new key (using mail address)
 uacme new
 # Create acme-challenge directory
 mkdir /srv/www/htdocs/.well-known/acme-challenge
 # Issue (replace "" for your FQDN)
 # (If you want to issue a certificate for multiple FQDNs, specify them separated by spaces)
 uacme -h /usr/share/uacme/ issue

That's all. If "uacme issue" command generates nothing, it means successful.

You can find the issued certificate at "/etc/ssl/uacme/". and the correspoding private key at "/etc/ssl/uacme/private/".


  • If you want to use another document root directory other than /srv/www/htdocs, specify it with "UACME_CHALLENGE_PATH" environment variable (including "/.well-known/acme-challenge").

External links