a uacme wrapper that maybe probably doesn't suck too much
nyacme | ||
.gitignore | ||
CHANGELOG.md | ||
LICENSE.txt | ||
nyacme-hook | ||
pyproject.toml | ||
README.md | ||
ruff.toml |
nyacme
a uacme wrapper that maybe probably doesn't suck too much
usage:
usage: nyacme [-h] [-c CONFIG] [-o OUTPUT]
fun uacme wrapper
options:
-h, --help show this help message and exit
-c CONFIG, --config CONFIG
path to your config file (default: /etc/nyacme.toml)
-o OUTPUT, --output OUTPUT
path to the certificate output directory (default: /etc/ssl/uacme)
example configuration:
post_acquire = [
"doas service haproxy reload"
]
certificates = [
"ptrc.gay",
"*.dev.ptrc.gay"
]
[domains]
"ptrc.gay" = "hetzner"
"porkbunned.example" = "porkbun"
"yet.another.domain.tld" = { provider = "hetzner", secret = "this_is_a_different_secret" }
[secrets]
hetzner = "your_secret_goes_here"
porkbun = { apikey = "owo", secretapikey = "uwu" }
configuration options:
post_acquire
- list of commands to be ran after a new certificate is acquiredcertificates
- list of CNs for the desired certificates (note:*.domain.tld
also adds adomain.tld
CN)domains
- dict of domains and their respective providers (note: it is expected that a domain is also the root of the zone)secrets
- dict of secrets to be used by providers; usually with the same name as provider itselfacme_path
- string, path to your.well-known/acme-challenge/
currently implemented providers:
cloudflare
hetzner
http
porkbun
(with secretsapikey
andsecretapikey
, see example config)he
( hurricane electric )