/letsencrypt

An ACME client that can update Apache/Nginx configurations

Primary LanguagePythonOtherNOASSERTION

Disclaimer

This is a DEVELOPER PREVIEW intended for developers and testers only.

DO NOT RUN THIS CODE ON A PRODUCTION SERVER. IT WILL INSTALL CERTIFICATES SIGNED BY A TEST CA, AND WILL CAUSE CERT WARNINGS FOR USERS.

Browser-trusted certificates will be available in the coming months.

For more information regarding the status of the project, please see https://letsencrypt.org. Be sure to checkout the Frequently Asked Questions (FAQ).

About the Let's Encrypt Client

Travis CI status Coverage status Documentation status Docker Repository on Quay.io

In short: getting and installing SSL/TLS certificates made easy (watch demo video).

The Let's Encrypt Client is a tool to automatically receive and install X.509 certificates to enable TLS on servers. The client will interoperate with the Let's Encrypt CA which will be issuing browser-trusted certificates for free.

It's all automated:

  • The tool will prove domain control to the CA and submit a CSR (Certificate Signing Request).
  • If domain control has been proven, a certificate will get issued and the tool will automatically install it.

All you need to do to sign a single domain is:

user@www:~$ sudo letsencrypt -d www.example.org auth

For multiple domains (SAN) use:

user@www:~$ sudo letsencrypt -d www.example.org -d example.org auth

and if you have a compatible web server (Apache or Nginx), Let's Encrypt can not only get a new certificate, but also deploy it and configure your server automatically!:

user@www:~$ sudo letsencrypt -d www.example.org run

Encrypt ALL the things!

Current Features

  • web servers supported:
    • apache/2.x (tested and working on Ubuntu Linux)
    • nginx/0.8.48+ (tested and mostly working on Ubuntu Linux)
    • standalone (runs its own webserver to prove you control the domain)
  • the private key is generated locally on your system
  • can talk to the Let's Encrypt (demo) CA or optionally to other ACME compliant services
  • can get domain-validated (DV) certificates
  • can revoke certificates
  • adjustable RSA key bitlength (2048 (default), 4096, ...)
  • optionally can install a http->https redirect, so your site effectively runs https only (Apache only)
  • fully automated
  • configuration changes are logged and can be reverted using the CLI
  • text and ncurses UI
  • Free and Open Source Software, made with Python.

Installation Instructions

Official documentation, including installation instructions, is available at https://letsencrypt.readthedocs.org.

Links

Documentation: https://letsencrypt.readthedocs.org

Software project: https://github.com/letsencrypt/letsencrypt

Notes for developers: CONTRIBUTING.md

Main Website: https://letsencrypt.org/

IRC Channel: #letsencrypt on Freenode

Community: https://community.letsencrypt.org

Mailing list: client-dev (to subscribe without a Google account, send an email to client-dev+subscribe@letsencrypt.org)