From 6f1693877495a071641478736ba2487b4211e9b0 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 19 Oct 2021 16:53:41 -0700 Subject: [PATCH] Update README.md * Add SCEP support * Fix ACME tutorial URLs --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 64458929..bfc056b4 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,8 @@ You can issue certificates in exchange for: - [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure - [Single-use, short-lived JWK tokens](https://smallstep.com/docs/step-ca/provisioners#jwk) issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc. - A trusted X.509 certificate (X5C provisioner) -- Expiring SSH host certificates needing rotation (the SSHPOP provisioner) +- A SCEP challenge (SCEP provisioner) +- An SSH host certificates needing renewal (the SSHPOP provisioner) - Learn more in our [provisioner documentation](https://smallstep.com/docs/step-ca/provisioners) ### 🏔 Your own private ACME server @@ -80,16 +81,17 @@ ACME is the protocol used by Let's Encrypt to automate the issuance of HTTPS cer - For `tls-alpn-01`, respond to the challenge at the TLS layer ([as Caddy does](https://caddy.community/t/caddy-supports-the-acme-tls-alpn-challenge/4860)) to prove that you control the web server - Works with any ACME client. We've written examples for: - - [certbot](https://smallstep.com/blog/private-acme-server/#certbotuploadsacme-certbotpng-certbot-example) - - [acme.sh](https://smallstep.com/blog/private-acme-server/#acmeshuploadsacme-acme-shpng-acmesh-example) - - [Caddy](https://smallstep.com/blog/private-acme-server/#caddyuploadsacme-caddypng-caddy-example) - - [Traefik](https://smallstep.com/blog/private-acme-server/#traefikuploadsacme-traefikpng-traefik-example) - - [Apache](https://smallstep.com/blog/private-acme-server/#apacheuploadsacme-apachepng-apache-example) - - [nginx](https://smallstep.com/blog/private-acme-server/#nginxuploadsacme-nginxpng-nginx-example) + - [certbot](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#certbot) + - [acme.sh](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#acmesh) + - [win-acme](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#win-acme) + - [Caddy](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#caddy-v2) + - [Traefik](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#traefik) + - [Apache](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#apache) + - [nginx](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#nginx) - Get certificates programmatically using ACME, using these libraries: - - [`lego`](https://github.com/go-acme/lego) for Golang ([example usage](https://smallstep.com/blog/private-acme-server/#golanguploadsacme-golangpng-go-example)) - - certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/blog/private-acme-server/#pythonuploadsacme-pythonpng-python-example)) - - [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/blog/private-acme-server/#nodejsuploadsacme-node-jspng-nodejs-example)) + - [`lego`](https://github.com/go-acme/lego) for Golang ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#golang)) + - certbot's [`acme` module](https://github.com/certbot/certbot/tree/master/acme) for Python ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#python)) + - [`acme-client`](https://github.com/publishlab/node-acme-client) for Node.js ([example usage](https://smallstep.com/docs/tutorials/acme-protocol-acme-clients#node)) - Our own [`step` CLI tool](https://github.com/smallstep/cli) is also an ACME client! - See our [ACME tutorial](https://smallstep.com/docs/tutorials/acme-challenge) for more