2024-07-23 12:27:27 +00:00
|
|
|
# nyacme
|
|
|
|
|
|
|
|
*a uacme wrapper that maybe probably doesn't suck too much*
|
|
|
|
|
2024-07-23 12:36:26 +00:00
|
|
|
usage:
|
|
|
|
```
|
|
|
|
usage: nyacme [-h] [-c CONFIG] [-o OUTPUT]
|
|
|
|
|
|
|
|
fun uacme wrapper
|
|
|
|
|
|
|
|
options:
|
|
|
|
-h, --help show this help message and exit
|
|
|
|
-c CONFIG, --config CONFIG
|
|
|
|
path to your config file (default: /etc/nyacme.toml)
|
|
|
|
-o OUTPUT, --output OUTPUT
|
|
|
|
path to the certificate output directory (default: /etc/ssl/uacme)
|
|
|
|
```
|
|
|
|
|
2024-07-23 12:27:27 +00:00
|
|
|
example configuration:
|
|
|
|
```toml
|
|
|
|
post_acquire = [
|
|
|
|
"doas service haproxy reload"
|
|
|
|
]
|
|
|
|
|
|
|
|
certificates = [
|
|
|
|
"ptrc.gay",
|
|
|
|
"*.dev.ptrc.gay"
|
|
|
|
]
|
|
|
|
|
|
|
|
[domains]
|
|
|
|
"ptrc.gay" = "hetzner"
|
|
|
|
|
|
|
|
[secrets]
|
|
|
|
hetzner = "your_secret_goes_here"
|
|
|
|
```
|
|
|
|
|
|
|
|
configuration options:
|
|
|
|
- `post_acquire` - list of commands to be ran after a new certificate is acquired
|
|
|
|
- `certificates` - list of CNs for the desired certificates (note: `*.domain.tld` also adds a `domain.tld` CN)
|
|
|
|
- `domains` - dict of domains and their respective providers (note: it is expected that a domain is also the root of the zone)
|
|
|
|
- `secrets` - dict of secrets to be used by providers; *usually* with the same name as provider itself
|
|
|
|
- `acme_path` - string, path to your `.well-known/acme-challenge/`
|
|
|
|
|
|
|
|
currently implemented providers:
|
|
|
|
- `cloudflare`
|
|
|
|
- `hetzner`
|
|
|
|
- `http`
|
|
|
|
- `porkbun` (with secrets `porkbun.apikey` and `porkbun.secretapikey`)
|
2024-07-27 17:59:44 +00:00
|
|
|
- `he` ( hurricane electric )
|