2016-01-10 15:20:59 +01:00
ACERTMGR
========
This is an automated certificate manager using ACME/letsencrypt.
Running ACERTMGR
----------------
The main file acertmgr.py is intended to be run regularly (e.g. as daily cron job) as root.
2016-01-11 20:15:31 +01:00
Requirements
------------
2016-01-11 20:22:36 +01:00
* Python (2.7+ and 3.4+ should work)
* PyYAML
2016-01-11 20:58:10 +01:00
* acme\_tiny (`acme_tiny.py` in $PYTHONHOME or $PYTHONPATH or placed next to `acertmgr.py` )
2016-01-11 20:15:31 +01:00
2016-01-10 15:20:59 +01:00
Configuration
-------------
The main configuration is read from `/etc/acme/acme.conf` , domains for which certificates should be obtained/renewed should be configured in `/etc/acme/domains.d/{fqdn}.conf` .
All configuration files use yaml syntax.
* Example global configuration file:
2016-01-10 15:27:08 +01:00
```yaml
---
2016-01-10 15:20:59 +01:00
2016-01-10 15:27:08 +01:00
mode: webdir
2016-01-10 15:48:16 +01:00
#mode: standalone
2016-01-10 17:29:26 +01:00
webdir: /var/www/acme-challenge/
defaults:
format: split
2016-01-10 15:27:08 +01:00
```
2016-01-10 15:20:59 +01:00
* Example domain configuration file:
2016-01-10 15:27:08 +01:00
```yaml
---
mail.example.com:
- user: postfix
group: postfix
perm: '400'
2016-01-10 15:48:16 +01:00
notify: '/etc/init.d/postfix reload'
2016-01-10 15:27:08 +01:00
- user: dovecot
group: dovecot
perm: '400'
2016-01-10 15:48:16 +01:00
notify: '/etc/init.d/dovecot reload'
2016-01-10 15:27:08 +01:00
```
2016-01-10 15:56:04 +01:00
Security
--------
Please keep the following in mind when using this software:
* DO read the source code, since it is intended to be run as root
* Make sure that your configuration files are NOT writable by other users - arbitrary commands can be executed after updating certificates