# nyacme

*a uacme wrapper that maybe probably doesn't suck too much*

usage:
```
usage: nyacme [-h] [-c CONFIG] [-o OUTPUT]

fun uacme wrapper

options:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        path to your config file (default: /etc/nyacme.toml)
  -o OUTPUT, --output OUTPUT
                        path to the certificate output directory (default: /etc/ssl/uacme)
```

example configuration:
```toml
post_acquire = [
	"doas service haproxy reload"
]

certificates = [
	"ptrc.gay",
	"*.dev.ptrc.gay"
]

[domains]
"ptrc.gay" = "hetzner"
"porkbunned.example" = "porkbun"
"yet.another.domain.tld" = { handler = "hetzner", secret = "this_is_a_different_secret" }

[secrets]
hetzner = "your_secret_goes_here"
porkbun = { apikey = "owo", secretapikey = "uwu" }
```

configuration options:
- `post_acquire` - list of commands to be ran after a new certificate is acquired
- `certificates` - list of CNs for the desired certificates (note: `*.domain.tld` also adds a `domain.tld` CN)
- `domains` - dict of domains and their respective handlers (note: it is expected that a domain is also the root of the zone)
- `secrets` - dict of secrets to be used by handlers; *usually* with the same name as handler itself
- `acme_path` - string, path to your `.well-known/acme-challenge/`

currently implemented handlers:
- `cloudflare`
- `hetzner`
- `http`
- `porkbun` (with secrets `apikey` and `secretapikey`, see example config)
- `he` ( hurricane electric )