Skip to content

Example commands for acme clients

grindsa edited this page Aug 16, 2020 · 2 revisions

acme.sh

register account

root@rlh:~# acme.sh --server http://<server address> --register-account --accountemail <email address> --debug 2 --output-insecure

deactivate account

root@rlh:~# acme.sh --server http://<server address> --deactivate-account --debug 2 --output-insecure

cert enrollment

root@rlh:~# acme.sh --server http://<server address>  --issue -d acme-1.example.com -d acme-2.example.com --standalone --debug 2 --output-insecure --force

cert revocation

acme.sh --server http://<server address> --revoke -d acme-1.example.com -d acme-2.example.com --debug 2 --output-insecure

Certbot

account registration

root@rlh:~# certbot-auto register --agree-tos -m <email address>  --server http://<server address> --no-eff-email

account deletion

root@rlh:~# rm -rf /etc/letsencrypt/accounts/*

certificate enrollment

root@rlh:~# certbot-auto certonly --server http://<server address> --standalone --preferred-challenges http -d certbot-1.example.com -d certbot-2.example.com --cert-name certbot-test

certificate revocation

certbot-auto revoke --server http://<server address> --cert-name certbot-test

IMPORTANT: by default a CSR generated by certbot does not contain any subject name. Such CSR will be refused by enterprise CA servers. For mitigation you need to create a CA policy setting a subject name. Example CA policy for Insta Certifier

lego

account registration and cert enrollment

lego -s http://<server address> -a --email <email address> -d lego-1.bar.local -d lego-2.bar.local --http run

revoke a certificate

lego -s http://<server address> -a --email <email address> -d lego-1.bar.local revoke

acmeshell

start the shell

root@rlh:~# acmeshell -directory http://<server address> -postAsGet=true

create a new account

root@rlh:~# newAccount [email protected],

create a new order

root@rlh:~# newOrder -identifiers=foo.bar

get status of the order

root@rlh:~# getOrder -order 0

get authorization details for order

root@rlh:~# getAuthz -order=0 -identifier=foo.bar

get http challenges

root@rlh:~# getChall -order=0 -identifier=foo.bar -type=http-01

solve http challenge of order's auth

root@rlh:~# solve -order=0 -identifier=foo.bar -challengeType=http-01

poll orderstatus (still pending)

root@rlh:~# poll -order=0

finalize order

root@rlh:~# finalize -order=0

poll order to check status

root@rlh:~# poll -order=0 -status=valid

get certificate

root@rlh:~# getCert -order=0
Clone this wiki locally