aboutsummaryrefslogtreecommitdiffstats
path: root/letsencrypt-accountd.1
diff options
context:
space:
mode:
Diffstat (limited to 'letsencrypt-accountd.1')
-rw-r--r--letsencrypt-accountd.1153
1 files changed, 0 insertions, 153 deletions
diff --git a/letsencrypt-accountd.1 b/letsencrypt-accountd.1
deleted file mode 100644
index a06cdcc..0000000
--- a/letsencrypt-accountd.1
+++ /dev/null
@@ -1,153 +0,0 @@
-.TH LETSENCRYPT\-ACCOUNTD "1" "MARCH 2016" "Tiny Let's Encrypt ACME client (account key manager)" "User Commands"
-
-.SH NAME
-letsencrypt\-accountd \- Tiny Let's Encrypt ACME client (account key manager)
-
-.SH SYNOPSIS
-.B letsencrypt\-accountd\fR [\fB\-\-config=\fIFILENAME\fR]
-[\fB\-\-privkey=\fIARG\fR] [\fB\-\-socket=\fIPATH\fR] [\fB\-\-quiet\fR]
-
-
-.SH DESCRIPTION
-.PP
-.B letsencrypt\-accountd\fR is the account key manager component of
-\fIletsencrypt\fR(1), a tiny ACME client written with process isolation
-and minimal privileges in mind. No other \fIletsencrypt\fR(1) component
-need access to the account key; in fact the account key could also be
-stored on a smartcard.
-
-.B letsencrypt\-accountd\fR binds to a UNIX\-domain socket (specified
-with \fB\-\-socket=\fR), which ACME clients can connect to in order to
-request data signatures.
-As a consequence, \fBletsencrypt\-accountd\fR needs to be up and running
-before using \fIletsencrypt\fR(1) to issue ACME commands.
-Also, the process does not automatically terminate after the last
-signature request: instead, one sends an \fIINT\fR or \fITERM\fR signal
-to bring the server down.
-
-Furthermore, one can use the UNIX\-domain socket forwarding facility of
-OpenSSH 6.7 and later to run \fBletsencrypt\-accountd\fR and
-\fIletsencrypt\fR(1) on different hosts. For instance one could store
-the account key on a machine that is not exposed to the internet. See
-the \fBEXAMPLES\fR section below.
-
-
-.SH OPTIONS
-.TP
-.B \-\-config=\fIfilename\fR
-Use \fIfilename\fR as configuration file. See the \fBCONFIGURATION
-FILE\fR section below for the configuration options.
-
-.TP
-.B \-\-privkey=\fIarg\fR
-Specify the (private) account key to use for signing requests.
-Currently supported \fIarg\fRuments are:
-
-.RS
-.IP \[bu] 2
-file:\fIFILE\fR, to specify an encrypted private key (in PEM format); and
-.IP \[bu]
-gpg:\fIFILE\fR, to specify a \fIgpg\fR(1)\-encrypted private key (in PEM format).
-
-.PP
-The following command can be used to generate a new 4096\-bits RSA key in
-PEM format with mode 0600:
-
-.nf
- openssl genrsa 4096 | install -m0600 /dev/stdin /path/to/priv.key
-.fi
-.RE
-
-.TP
-.B \-\-socket=\fIpath\fR
-Use \fIpath\fR as the UNIX\-domain socket to bind against for signature
-requests from the ACME client. \fBletsencrypt\-accountd\fR aborts if
-\fIpath\fR exists or if its parent directory is writable by other users.
-
-.TP
-.B \-?\fR, \fB\-\-help\fR
-Display a brief help and exit.
-
-.TP
-.B \-q\fR, \fB\-\-quiet\fR
-Be quiet.
-
-.TP
-.B \-\-debug
-Turn on debug mode.
-
-
-.SH CONFIGURATION FILE
-If \fB\-\-config=\fR is not given, \fBletsencrypt\-accountd\fR uses the
-first existing configuration file among
-\fI./letsencrypt\-accountd.conf\fR,
-\fI$XDG_CONFIG_HOME/letsencrypt\-tiny/letsencrypt\-accountd.conf\fR (or
-\fI~/.config/letsencrypt\-tiny/letsencrypt\-accountd.conf\fR if the
-XDG_CONFIG_HOME environment variable is not set), and
-\fI/etc/letsencrypt\-tiny/letsencrypt\-accountd.conf\fR.
-
-When given on the command line, the \fB\-\-privkey=\fR,
-\fB\-\-socket=\fR and \fB\-\-quiet\fR options take precedence over their
-counterpart (without leading \(lq\-\-\(rq) in the configuration file.
-Valid options are:
-
-.TP
-.I privkey
-See \fB\-\-privkey=\fR.
-This option is required when \fB\-\-privkey=\fR is not specified on the
-command line.
-
-.TP
-.I gpg
-For a \fIgpg\fR(1)\-encrypted private account key, specify the binary
-\fIgpg\fR(1) to use, as well as some default options.
-Default: \(lqgpg \-\-quiet\(rq.
-
-.TP
-.I socket
-See \fB\-\-socket=\fR.
-Default: \(lq$XDG_RUNTIME_DIR/S.letsencrypt\(rq if the XDG_RUNTIME_DIR
-environment variable is set.
-
-.TP
-.I quiet
-Be quiet. Possible values: \(lqYes\(rq/\(lqNo\(rq.
-
-
-.SH EXAMPLES
-
-Run \fBletsencrypt\-accountd\fR in a first terminal:
-
-.nf
- ~$ letsencrypt\-accountd \-\-privkey=file:/path/to/priv.key \-\-socket=/run/user/1000/S.letsencrypt
-.fi
-
-Then, while \fBletsencrypt\-accountd\fR is running, execute locally
-\fIletsencrypt\fR(1) in another terminal:
-
-.nf
- ~$ sudo letsencrypt \-\-socket=/run/user/1000/S.letsencrypt new\-cert
-.fi
-
-Alternatively, use \fIssh\fR(1) to forward the socket and execute
-\fIletsencrypt\fR(1) remotely:
-
-.nf
- ~$ ssh -oExitOnForwardFailure=yes -tt -R /path/to/remote.sock:/run/user/1000/S.letsencrypt user@example.org \\
- sudo letsencrypt --socket=/path/to/remote.sock new-cert
-.fi
-
-
-.SH SEE ALSO
-\fBletsencrypt\fR(1), \fBssh\fR(1)
-
-.SH AUTHOR
-.ie \n[www-html] \{\
- Written by
-. MTO guilhem@fripost.org "Guilhem Moulin" .
-\}
-.el \{\
- Written by Guilhem Moulin
-. MT guilhem@fripost.org
-. ME .
-\}