Diffstat (limited to 'README')
-rw-r--r-- | README | 58 |
1 files changed, 29 insertions, 29 deletions
@@ -1,29 +1,6 @@ -Requesting new Certificate Issuance with the ACME protocol generally -works as follows: - - 1. Generate a Certificate Signing Request. This requires access to - the private part of the server key. - 2. Issue an issuance request against the ACME server. - 3. Answer the ACME Identifier Validation Challenges. The challenge - type "http-01" requires a webserver to listen on port 80 for each - address for which an authorization request is issued; if there is - no running webserver, root privileges are required to bind against - port 80 and to install firewall rules to temporarily open the port. - 4. Install the certificate (after verification) and restart the - service. This usually requires root access as well. - -Steps 1,3,4 need to be run on the host for which an authorization -request is issued. However the the issuance itself (step 2) could be -done from another machine. Furthermore, each ACME command (step 2), as -well as the key authorization token in step 3, need to be signed using -an account key. The account key can be stored on another machine, or -even on a smartcard. - -_______________________________________________________________________ - -letsencrypt is a tiny ACME client written with process isolation and -minimal privileges in mind. It is divided into four components, each -with its own executable: +lacme is a small ACME client written with process isolation and minimal +privileges in mind. It is divided into four components, each with its +own executable: * A process to manage the account key and issue SHA-256 signatures needed for each ACME command. (This process binds to a UNIX-domain 
@@ -56,11 +33,34 @@ with its own executable: Consult the manuals for more information. - https://guilhem.org/man/letsencrypt.1.html - https://guilhem.org/man/letsencrypt-accountd.1.html + https://guilhem.org/man/lacme.1.html + https://guilhem.org/man/lacme-accountd.1.html + +_______________________________________________________________________ + +Requesting new Certificate Issuance with the ACME protocol generally +works as follows: + + 1. Generate a Certificate Signing Request. This requires access to + the private part of the server key. + 2. Issue an issuance request against the ACME server. + 3. Answer the ACME Identifier Validation Challenges. The challenge + type "http-01" requires a webserver to listen on port 80 for each + address for which an authorization request is issued; if there is + no running webserver, root privileges are required to bind against + port 80 and to install firewall rules to temporarily open the port. + 4. Install the certificate (after verification) and restart the + service. This usually requires root access as well. + +Steps 1,3,4 need to be run on the host for which an authorization +request is issued. However the the issuance itself (step 2) could be +done from another machine. Furthermore, each ACME command (step 2), as +well as the key authorization token in step 3, need to be signed using +an account key. The account key can be stored on another machine, or +even on a smartcard. _______________________________________________________________________ -letsencrypt is Copyright© 2016 Guilhem Moulin ⟨guilhem@fripost.org⟩, and +lacme is Copyright© 2016 Guilhem Moulin ⟨guilhem@fripost.org⟩, and licensed for use under the GNU General Public License version 3 or later. See ‘COPYING’ for specific terms and distribution information. |
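Review bot: in the first hunk (@@ -1,29 +1,6 @@) the README now opens with "lacme is a small ACME client written with process isolation and minimal privileges in mind" and goes straight to a process that issues "SHA-256 signatures needed for each ACME command", but the four-step overview that explained what those commands are and why the account key can live elsewhere has been removed from above it. A reader meets the account-key process before the reason for isolating it. Consider adding one sentence after "own executable:" that points to the protocol overview later in the file, or keeping a one-line summary of why step 2 can run apart from steps 1, 3 and 4.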
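Review bot: in the second hunk (@@ -56,11 +33,34 @@) the re-added overview carries its old typos over unchanged: "However the the issuance itself (step 2)" has a doubled "the", "Steps 1,3,4" lacks spaces after the commas, and "each ACME command (step 2), as well as the key authorization token in step 3, need to be signed" should read "needs to be signed". Since these lines are being added anyway, fix them in this commit. The same hunk replaces the manual links with https://guilhem.org/man/lacme.1.html and https://guilhem.org/man/lacme-accountd.1.html; it would help to say in the commit message whether the old letsencrypt URLs stay reachable for existing references.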