
nyacme

a uacme wrapper that maybe probably doesn't suck too much

usage:

usage: nyacme [-h] [-c CONFIG] [-o OUTPUT]

fun uacme wrapper

options:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        path to your config file (default: /etc/nyacme.toml)
  -o OUTPUT, --output OUTPUT
                        path to the certificate output directory (default: /etc/ssl/uacme)

example configuration:

post_acquire = [
	"doas service haproxy reload"
]

certificates = [
	"ptrc.gay",
	"*.dev.ptrc.gay"
]

[domains]
"ptrc.gay" = "hetzner"
"porkbunned.example" = "porkbun"
"yet.another.domain.tld" = { handler = "hetzner", secret = "this_is_a_different_secret" }

[secrets]
hetzner = "your_secret_goes_here"
porkbun = { apikey = "owo", secretapikey = "uwu" }

configuration options:

  • post_acquire - list of commands to be run after a new certificate is acquired
  • certificates - list of CNs for the desired certificates (note: *.domain.tld also adds a domain.tld CN)
  • domains - dict of domains and their respective handlers (note: it is expected that a domain is also the root of the zone)
  • secrets - dict of secrets to be used by handlers; usually with the same name as the handler itself
  • acme_path - string, path to your .well-known/acme-challenge/

currently implemented handlers:

  • cloudflare
  • hetzner
  • http
  • porkbun (with secrets apikey and secretapikey, see example config)
  • he (hurricane electric)