FreeBSD Manual Pages

acmetool(8)		    System Manager's Manual		   acmetool(8)

NAME
       acmetool	- request certificates from ACME servers automatically

SYNOPSIS
       acmetool	[<flags>] <command> [<args> ...]

DESCRIPTION
       acmetool is a utility for the automated retrieval, management and
       renewal of certificates from ACME servers such as Let's Encrypt. It
       emphasises automation, idempotency and the minimisation of state.

       You use acmetool by configuring targets (typically using the "want"
       command). acmetool then requests certificates as necessary to satisfy
       the configured targets. New certificates are requested where existing
       ones are soon to expire.

       acmetool stores its state in a state directory. It can be specified on
       invocation via the --state option; otherwise, the path in
       ACME_STATE_DIR is used, or, failing that, the path "/var/db/acme"
       (recommended).

       The  --xlog  options control the	logging. The --service options control
       privilege dropping and daemonization and	are  applicable	 only  to  the
       redirector subcommand.

OPTIONS
       --help Show context-sensitive help (also try --help-long and
              --help-man).

       --state=/var/db/acme
	      Path to the state	directory (env:	ACME_STATE_DIR)

       --hooks=/usr/local/libexec/acme/hooks
	      Path to the notification hooks directory (env: ACME_HOOKS_DIR)

       --batch
              Do not attempt interaction; useful for cron jobs. (acmetool can
              still obtain responses from a response file, if one was
              provided.)

       --stdio
	      Don't attempt to use console dialogs; fall back to stdio prompts

       --response-file=RESPONSE-FILE
	      Read  dialog   responses	 from	the   given   file   (default:
	      $ACME_STATE_DIR/conf/responses)

       --version
	      Print version information

       --xlog.facility=daemon
	      Syslog facility to use

       --xlog.syslog
	      Log to syslog?

       --xlog.syslogseverity=DEBUG
	      Syslog severity limit

       --xlog.journal
	      Log to systemd journal?

       --xlog.journalseverity=DEBUG
	      Systemd journal severity limit

       --xlog.severity=NOTICE
	      Log severity (any	syslog severity	name or	number)

       --xlog.file=""
	      Log to filename

       --xlog.fileseverity=TRACE
	      File logging severity limit

       --xlog.stderr
	      Log to stderr?

       --xlog.stderrseverity=TRACE
	      stderr logging severity limit

       --service.cpuprofile=""
	      Write CPU	profile	to file

       --service.debugserveraddr=""
	      Address  for  debug server to listen on (do not specify a	public
	      address) (default: disabled)

       --service.uid=""
	      UID to run as (default: don't drop privileges)

       --service.gid=""
	      GID to run as (default: don't drop privileges)

       --service.daemon
	      Run as daemon? (doesn't fork)

       --service.stderr
	      Keep stderr open when daemonizing

       --service.chroot=""
	      Chroot to	a directory (must set UID, GID)	("/" disables)

       --service.pidfile=""
	      Write PID	to file	with given filename and	hold a write lock

       --service.fork
	      Fork? (implies -daemon)

SUBCOMMANDS
   help	[<command>...]
       Show help.

   reconcile
       Reconcile ACME state, idempotently requesting and renewing certificates
       to satisfy configured targets.

       This is the default command.

   cull	[<flags>]
       Delete expired, unused certificates

       -n, --simulate
	      Show which certificates would be deleted without deleting	any

   status
       Show active configuration

   want	[<flags>] <hostname>...
       Add a target with one or	more hostnames

       --reconcile
	      Specify --no-reconcile to	skip reconcile after adding target

   unwant <hostname>...
       Modify targets to remove	any mentions of	the given hostnames

   quickstart [<flags>]
       Interactively ask some getting started questions	(recommended)

       --expert
	      Ask more questions in quickstart wizard

   redirector [<flags>]
       HTTP to HTTPS redirector	with challenge response	support

       --path=PATH
	      Path to serve challenge files from

       --challenge-gid=CHALLENGE-GID
	      GID to chgrp the challenge path to (optional)

       --read-timeout=10s
	      Maximum duration before timing out read of the request (default:
	      '10s')

       --write-timeout=20s
              Maximum duration before timing out write of the request
              (default: '20s')

   test-notify [<hostname>...]
       Test-execute notification hooks as though given hostnames were updated

   import-jwk-account <provider-url> <private-key-file>
       Import a	JWK account key

   import-pem-account <provider-url> <private-key-file>
       Import a	PEM account key

   import-key <private-key-file>
       Import a	certificate private key

   import-le [<le-state-path*>]
       Import a	Let's Encrypt client state directory

   revoke [<certificate-id-or-path>]
       Revoke a	certificate

   account-thumbprint
       Prints account thumbprints
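
The shell functions below are an added example, not part of acmetool or of this manual page: they assemble an unattended reconcile command for cron and a redirector command that always drops privileges, using only the flags documented above. The UID/GID 1001, the challenge path and the loopback-only rule for the debug server address are assumptions of the example.

```shell
#!/bin/sh
# Added example, not shipped with acmetool. It only prints command lines built
# from flags documented above; UID/GID and paths below are constructed values.

# State directory in the documented order: --state, ACME_STATE_DIR, /var/db/acme.
resolve_state_dir() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    elif [ -n "${ACME_STATE_DIR:-}" ]; then
        printf '%s\n' "$ACME_STATE_DIR"
    else
        printf '%s\n' /var/db/acme
    fi
}

# Unattended run for cron: --batch stops acmetool from attempting interaction.
reconcile_cmd() {
    printf 'acmetool --batch --state=%s reconcile\n' "$(resolve_state_dir "$1")"
}

# Redirector command line. Arguments: uid gid challenge-path [chroot] [debug-addr]
# Policy of this example: always drop privileges (the documented default is not
# to), which also satisfies "--service.chroot must set UID, GID".
redirector_cmd() {
    uid=$1; gid=$2; path=$3; chroot=${4:-}; debug=${5:-}
    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "refusing: --service.uid and --service.gid are required" >&2
        return 1
    fi
    case $debug in
        ''|127.0.0.1:*|localhost:*|'[::1]:'*) ;;  # disabled, or loopback only
        *) echo "refusing: debug server address is not loopback" >&2
           return 1 ;;
    esac
    cmd="acmetool --service.uid=$uid --service.gid=$gid --service.daemon"
    if [ -n "$chroot" ]; then cmd="$cmd --service.chroot=$chroot"; fi
    if [ -n "$debug" ]; then cmd="$cmd --service.debugserveraddr=$debug"; fi
    printf '%s redirector --path=%s\n' "$cmd" "$path"
}

# Print the two command lines for review before installing them.
reconcile_cmd ""
redirector_cmd 1001 1001 /var/run/acme/acme-challenge
```

The page does not state how --path is resolved when --service.chroot is set, so check that on the target system before combining the two.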

AUTHOR
       © 2015 Hugo Landau <hlandau@devever.net>  MIT License

SEE ALSO
       Documentation: <https://github.com/hlandau/acme>

       Report bugs at: <https://github.com/hlandau/acme/issues>

				   acmetool			   acmetool(8)
