adapted readme

Gianluca 2016-03-30 10:12:15 +02:00
parent 58386e2d80
commit e0a1dd6e9e

@ -14,7 +14,7 @@ lego supports both binary installs and install from source.
To get the binary just download the latest release for your OS/Arch from [the release page](https://github.com/xenolf/lego/releases) To get the binary just download the latest release for your OS/Arch from [the release page](https://github.com/xenolf/lego/releases)
and put the binary somewhere convenient. lego does not assume anything about the location you run it from. and put the binary somewhere convenient. lego does not assume anything about the location you run it from.
To install from source, just run To install from source, just run
``` ```
go get -u github.com/xenolf/lego go get -u github.com/xenolf/lego
``` ```
@ -40,7 +40,7 @@ Please keep in mind that CLI switches and APIs are still subject to change.
When using the standard `--path` option, all certificates and account configurations are saved to a folder *.lego* in the current working directory. When using the standard `--path` option, all certificates and account configurations are saved to a folder *.lego* in the current working directory.
#### Sudo #### Sudo
The CLI does not require root permissions but needs to bind to port 80 and 443 for certain challenges. The CLI does not require root permissions but needs to bind to port 80 and 443 for certain challenges.
To run the CLI without sudo, you have four options: To run the CLI without sudo, you have four options:
- Use setcap 'cap_net_bind_service=+ep' /path/to/program - Use setcap 'cap_net_bind_service=+ep' /path/to/program
@ -66,36 +66,50 @@ This traffic redirection is only needed as long as lego solves challenges. As so
#### Usage #### Usage
``` ```
NAME: Let's Encrypt client written in Go
lego - Let's Encrypt client written in Go
USAGE: Usage:
lego [global options] command [command options] [arguments...] lego [command]
VERSION: Available Commands:
0.3.0 dnshelp Shows additional help for the --dns global option
renew Renew a certificate
COMMANDS: revoke Revoke a certificate
run Register an account, then create and install a certificate run Register an account, then create and install a certificate
revoke Revoke a certificate version Prints current version of lego
renew Renew a certificate
dnshelp Shows additional help for the --dns global option Flags:
help, h Shows a list of commands or help for one command -a, --accept-tos By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
--dns string Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage.
GLOBAL OPTIONS: -d, --domains value Add domains to the process (default [])
--domains, -d [--domains option --domains option] Add domains to the process -m, --email string Email used for registration and recovery contact.
--server, -s "https://acme-v01.api.letsencrypt.org/directory" CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. -x, --exclude value Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01". (default [])
--email, -m Email used for registration and recovery contact. -h, --help help for lego
--accept-tos, -a By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. --http string Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
--key-type, -k "rsa2048" Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 -k, --key-type string Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384 (default "rsa2048")
--path "${CWD}/.lego" Directory to use for storing the data --path string Directory to use for storing the data (default "/Users/gianluca/ProgrammingProjects/go/src/github.com/xenolf/lego/.lego")
--exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01". -s, --server string CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default "https://acme-v01.api.letsencrypt.org/directory")
--webroot Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge --tls string Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
--http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port --webroot string Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge
--tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
--dns Solve a DNS challenge using the specified provider. Disables all other challenges. Run 'lego dnshelp' for help on usage. Use "lego [command] --help" for more information about a command.
--help, -h show help ```
--version, -v print the version
For further help on a command:
```
$ lego renew --help
Renew a certificate
Usage:
lego renew [flags]
Flags:
--days int The number of days left on a certificate to renew it.
--no-bundle Do not create a certificate bundle by adding the issuers certificate to the new certificate.
--resuse-key Used to indicate you want to reuse your current private key for the new certificate.
...
``` ```
##### CLI Example ##### CLI Example
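Review bot: the new `--path` line in the usage block gives its default as `/Users/gianluca/ProgrammingProjects/go/src/github.com/xenolf/lego/.lego`, a path from the machine the help output was captured on, where the removed line said `"${CWD}/.lego"`. Restore the `${CWD}/.lego` form so the README does not publish a local username and directory layout and stays consistent with the earlier sentence that data is saved to *.lego* in the current working directory. In the same hunk, the `lego renew --help` excerpt spells the flag `--resuse-key` while its description says "reuse"; confirm whether that is the flag's actual name or a typo before readers copy it into scripts.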
@ -106,7 +120,7 @@ If your environment does not allow you to bind to these ports, please read [Port
Obtain a certificate: Obtain a certificate:
```bash ```bash
$ lego --email="foo@bar.com" --domains="example.com" run $ lego run --email="foo@bar.com" --domains="example.com"
``` ```
(Find your certificate in the `.lego` folder of current working directory.) (Find your certificate in the `.lego` folder of current working directory.)
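Review bot: the changed example line now places the flags after the subcommand (`lego run --email=... --domains=...`), but the README does not say whether the removed form `lego --email="foo@bar.com" --domains="example.com" run` is still accepted. Add one sentence next to this example stating that, because anyone who copied the previous README line has the flags in the old position.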
@ -114,13 +128,13 @@ $ lego --email="foo@bar.com" --domains="example.com" run
To renew the certificate: To renew the certificate:
```bash ```bash
$ lego --email="foo@bar.com" --domains="example.com" renew $ lego renew --email="foo@bar.com" --domains="example.com"
``` ```
Obtain a certificate using the DNS challenge and AWS Route 53: Obtain a certificate using the DNS challenge and AWS Route 53:
```bash ```bash
$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run $ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego run --email="foo@bar.com" --domains="example.com" --dns="route53"
``` ```
Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead. Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
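Review bot: the renew example on the changed line is shown without `--days`, which the `lego renew --help` excerpt added earlier in this patch documents as "The number of days left on a certificate to renew it." Since this is the line readers are most likely to schedule, either show it with `--days` or state what happens when the flag is left out.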
@ -205,7 +219,7 @@ if err != nil {
} }
// We specify an http port of 5002 and an tls port of 5001 on all interfaces // We specify an http port of 5002 and an tls port of 5001 on all interfaces
// because we aren't running as root and can't bind a listener to port 80 and 443 // because we aren't running as root and can't bind a listener to port 80 and 443
// (used later when we attempt to pass challenges). Keep in mind that we still // (used later when we attempt to pass challenges). Keep in mind that we still
// need to proxy challenge traffic to port 5002 and 5001. // need to proxy challenge traffic to port 5002 and 5001.
client.SetHTTPAddress(":5002") client.SetHTTPAddress(":5002")