Source: letsencrypt-tiny Section: mail Priority: optional Maintainer: Guilhem Moulin Build-Depends: debhelper (>= 9) Standards-Version: 3.9.6 Vcs-Git: https://git.guilhem.org/letsencrypt-tiny Vcs-Browser: https://git.guilhem.org/letsencrypt-tiny Package: letsencrypt-tiny Architecture: all Depends: ${misc:Depends}, ${perl:Depends}, libcrypt-openssl-bignum-perl, libcrypt-openssl-rsa-perl, libwww-perl, libjson-perl | libjson-xs-perl, openssl, netcat-openbsd | netcat-traditional Recommends: liblwp-protocol-https-perl, socat Conflicts: letsencrypt Description: Tiny ACME client for Let's Encrypt This tiny ACME client written is with process isolation and minimal privileges in mind. It is divided into three components: 1. the "master" process, which runs as root and is the only component with access to the private key material (both account and server keys); 2. the actual ACME client, which runs as a separated user ID, builds ACME requests and dialogues with the remote ACME server (data to be signed is written to a pipe shared with the master process, which replies with its SHA-256 signature); and 3. an optional webserver, which runs as www-data:www-data and listen on port 80 to server ACME challenges.