From 08d9f95505bb11c3d1b6a8c649362ede7dab4138 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 13 Jun 2016 23:14:00 +0200 Subject: =?UTF-8?q?Rename=20=E2=80=98letsencrypt-tiny=E2=80=99=20to=20?= =?UTF-8?q?=E2=80=98lacme=E2=80=99.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README | 58 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'README') diff --git a/README b/README index 37c531a..4e66129 100644 --- a/README +++ b/README @@ -1,29 +1,6 @@ -Requesting new Certificate Issuance with the ACME protocol generally -works as follows: - - 1. Generate a Certificate Signing Request. This requires access to - the private part of the server key. - 2. Issue an issuance request against the ACME server. - 3. Answer the ACME Identifier Validation Challenges. The challenge - type "http-01" requires a webserver to listen on port 80 for each - address for which an authorization request is issued; if there is - no running webserver, root privileges are required to bind against - port 80 and to install firewall rules to temporarily open the port. - 4. Install the certificate (after verification) and restart the - service. This usually requires root access as well. - -Steps 1,3,4 need to be run on the host for which an authorization -request is issued. However the the issuance itself (step 2) could be -done from another machine. Furthermore, each ACME command (step 2), as -well as the key authorization token in step 3, need to be signed using -an account key. The account key can be stored on another machine, or -even on a smartcard. - -_______________________________________________________________________ - -letsencrypt is a tiny ACME client written with process isolation and -minimal privileges in mind. It is divided into four components, each -with its own executable: +lacme is a small ACME client written with process isolation and minimal +privileges in mind. It is divided into four components, each with its +own executable: * A process to manage the account key and issue SHA-256 signatures needed for each ACME command. (This process binds to a UNIX-domain @@ -56,11 +33,34 @@ with its own executable: Consult the manuals for more information. - https://guilhem.org/man/letsencrypt.1.html - https://guilhem.org/man/letsencrypt-accountd.1.html + https://guilhem.org/man/lacme.1.html + https://guilhem.org/man/lacme-accountd.1.html + +_______________________________________________________________________ + +Requesting new Certificate Issuance with the ACME protocol generally +works as follows: + + 1. Generate a Certificate Signing Request. This requires access to + the private part of the server key. + 2. Issue an issuance request against the ACME server. + 3. Answer the ACME Identifier Validation Challenges. The challenge + type "http-01" requires a webserver to listen on port 80 for each + address for which an authorization request is issued; if there is + no running webserver, root privileges are required to bind against + port 80 and to install firewall rules to temporarily open the port. + 4. Install the certificate (after verification) and restart the + service. This usually requires root access as well. + +Steps 1,3,4 need to be run on the host for which an authorization +request is issued. However the the issuance itself (step 2) could be +done from another machine. Furthermore, each ACME command (step 2), as +well as the key authorization token in step 3, need to be signed using +an account key. The account key can be stored on another machine, or +even on a smartcard. _______________________________________________________________________ -letsencrypt is Copyright© 2016 Guilhem Moulin ⟨guilhem@fripost.org⟩, and +lacme is Copyright© 2016 Guilhem Moulin ⟨guilhem@fripost.org⟩, and licensed for use under the GNU General Public License version 3 or later. See ‘COPYING’ for specific terms and distribution information. -- cgit v1.2.3