- Automated certificate enrollment without manual hands on
- Continuous monitoring for certificate lifecycle management, with automated certificate renewal to keep certificates are always valid
- Get your ACME registered KID and HMAC parameters through CertCentral Automation/ACME portal
- Replace the KID and HMAC values with systemd service in default configuration template
- Using linux systemd service to monitor the TLS certificate, it will renew the certificate when it close to expire with renewal parameter has given.
# acmex.service
[Service]
Type=simple
User=root
Restart=on-failure
LimitNOFILE=102400
# NOTE: change to your KID, HMAC and domains
Environment="KID=your-kid"
Environment="your-hmac-key"
ExecStart=/usr/bin/acmex-linux -domains=your-domain -dir=/etc/web/your-domain/
Also the command line program works for issuing new certificate, as the following example.
- Command-line examples
Usage: acme-darwin -domains=example.com -renew=3 -issue=false
-domains string
Domains that you wanted to secure, e.g. example.com
-issue
Issue the new certificate now, default: false
-renew int
Renewal period for certificate, default: 3 days (default 3)
-saveto string
Where do you want to save certificate to, e.g. /etc/web/your-domain/
- Issuing a new TLS certificate
KID=your-kid HMAC="your-hmac-key" /usr/bin/acmex-linux -domains=your-domain -dir=/etc/web/your-domain/ -issue=true
This software is released under the MIT license.