acmetool(8)		    System Manager's Manual		   acmetool(8)

NAME
       acmetool	- request certificates from ACME servers automatically

SYNOPSIS
       acmetool	[<flags>] <command> [<args> ...]

DESCRIPTION
       acmetool is a utility for the automated retrieval, management and
       renewal of certificates from ACME servers such as Let's Encrypt. It
       emphasises automation, idempotency and the minimisation of state.

       You use acmetool by configuring targets (typically using the "want"
       command). acmetool then requests certificates as necessary to satisfy
       the configured targets. New certificates are requested where existing
       ones are soon to expire.

       acmetool	 stores	its state in a state directory.	It can be specified on
       invocation  via	the   --state	option;	  otherwise,   the   path   in
       ACME_STATE_DIR is used, or, failing that, the path "/var/db/acme" (rec-
       ommended).

       The  --xlog  options control the	logging. The --service options control
       privilege dropping and daemonization and	are  applicable	 only  to  the
       redirector subcommand.

OPTIONS
       --help Show  context-sensitive  help  (also try --help-long and --help-
	      man).

       --state=/var/db/acme
	      Path to the state	directory (env:	ACME_STATE_DIR)

       --hooks=/usr/local/libexec/acme/hooks
	      Path to the notification hooks directory (env: ACME_HOOKS_DIR)

       --batch
	      Do not attempt interaction; useful for cron jobs.	(acmetool  can
	      still  obtain  responses	from  a	response file, if one was pro-
	      vided.)

       --stdio
	      Don't attempt to use console dialogs; fall back to stdio prompts

       --response-file=RESPONSE-FILE
	      Read  dialog   responses	 from	the   given   file   (default:
	      $ACME_STATE_DIR/conf/responses)

       --version
	      Print version information

       --xlog.facility=daemon
	      Syslog facility to use

       --xlog.syslog
	      Log to syslog?

       --xlog.syslogseverity=DEBUG
	      Syslog severity limit

       --xlog.journal
	      Log to systemd journal?

       --xlog.journalseverity=DEBUG
	      Systemd journal severity limit

       --xlog.severity=NOTICE
	      Log  severity  (any  syslog  severity  name  or  number (0-7) or
	      'trace' (8) (most	verbose))

       --xlog.file=""
	      Log to filename

       --xlog.fileseverity=TRACE
	      File logging severity limit

       --xlog.stderr
	      Log to stderr?

       --xlog.stderrseverity=TRACE
	      stderr logging severity limit

       --service.cpuprofile=""
	      Write CPU	profile	to file

       --service.debugserveraddr=""
	      Address for debug	server to listen on (do	not specify  a	public
	      address) (default: disabled)

       --service.uid=""
	      UID to run as (default: don't drop privileges)

       --service.gid=""
	      GID to run as (default: don't drop privileges)

       --service.daemon
	      Run as daemon? (doesn't fork)

       --service.stderr
	      Keep stderr open when daemonizing

       --service.chroot=""
	      Chroot to	a directory (must set UID, GID)	("/" disables)

       --service.pidfile=""
	      Write PID	to file	with given filename and	hold a write lock

       --service.fork
	      Fork? (implies -daemon)
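
       The following pre-flight check is an added example, not part of
       acmetool or of this manual page. It lints a redirector argument list
       against the --service notes above; the function name, the return codes,
       the loopback-only policy and the --flag=value form are assumptions of
       this example.

```shell
#!/bin/sh
# Added example: lint an "acmetool redirector" argument list before deploying it.
# Assumption: flags are written in the --flag=value form shown on this page.
# Return codes (chosen for this example): 0 ok, 1 chroot without UID/GID,
# 2 debug server not on loopback, 3 no privilege drop configured.
# Usage: lint_redirector_args "$@" && exec acmetool redirector "$@"
lint_redirector_args() {
    uid="" gid="" chroot="" debug=""
    for arg in "$@"; do
        case "$arg" in
            --service.uid=*)             uid=${arg#*=} ;;
            --service.gid=*)             gid=${arg#*=} ;;
            --service.chroot=*)          chroot=${arg#*=} ;;
            --service.debugserveraddr=*) debug=${arg#*=} ;;
        esac
    done

    # --service.chroot: "must set UID, GID"; "/" disables the chroot.
    if [ -n "$chroot" ] && [ "$chroot" != "/" ]; then
        if [ -z "$uid" ] || [ -z "$gid" ]; then
            echo "chroot '$chroot' requires --service.uid and --service.gid" >&2
            return 1
        fi
    fi

    # --service.debugserveraddr: "do not specify a public address".
    # Policy of this example: accept loopback host parts only.
    if [ -n "$debug" ]; then
        case "$debug" in
            127.*:*|localhost:*|"[::1]":*) ;;
            *) echo "debug server address '$debug' is not loopback" >&2
               return 2 ;;
        esac
    fi

    # Default is "don't drop privileges"; flag a redirector that keeps them.
    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "no --service.uid/--service.gid: redirector keeps its starting privileges" >&2
        return 3
    fi
    return 0
}
```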

SUBCOMMANDS
   help	[<command>...]
       Show help.

   reconcile [<target-filenames>...]
       Reconcile ACME state, idempotently requesting and renewing certificates
       to satisfy configured targets.

       This is the default command.

   cull	[<flags>]
       Delete expired, unused certificates

       -n, --simulate
	      Show which certificates would be deleted without deleting	any

   status
       Show active configuration

   want	[<flags>] <hostname>...
       Add a target with one or	more hostnames

       --reconcile
	      Specify --no-reconcile to	skip reconcile after adding target

   unwant <hostname>...
       Modify targets to remove	any mentions of	the given hostnames

   quickstart [<flags>]
       Interactively ask some getting started questions	(recommended)

       --expert
	      Ask more questions in quickstart wizard

   redirector [<flags>]
       HTTP to HTTPS redirector	with challenge response	support

       --path=PATH
	      Path to serve challenge files from

       --challenge-gid=CHALLENGE-GID
	      GID to chgrp the challenge path to (optional)

       --read-timeout=10s
	      Maximum duration before timing out read of the request (default:
	      '10s')

       --write-timeout=20s
	      Maximum  duration	 before	 timing	 out write of the request (de-
	      fault: '20s')

       --status-code=308
	      HTTP status code to use when redirecting (default	'308')

       --bind=":80"
	      Bind address for redirector (default ':80')

   test-notify [<hostname>...]
       Test-execute notification hooks as though given hostnames were updated

   import-jwk-account <provider-url> <private-key-file>
       Import a	JWK account key

   import-pem-account <provider-url> <private-key-file>
       Import a	PEM account key

   import-key <private-key-file>
       Import a	certificate private key

   import-le [<le-state-path*>]
       Import a	Let's Encrypt client state directory

   revoke [<certificate-id-or-path>]
       Revoke a	certificate

   account-thumbprint
       Prints account thumbprints

   account-url
       Show account URL

AUTHOR
	2015 Hugo Landau <hlandau@devever.net>	MIT License

SEE ALSO
       Documentation: <https://github.com/hlandau/acmetool>

       Report bugs at: <https://github.com/hlandau/acmetool/issues>

				   acmetool			   acmetool(8)
