Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for automating the process on remote servers.
- Bash - It runs on virtually all unix machines, including BSD, most Linux distributions, MAC OSX.
- Get certificates for remote servers - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, e.g. if it's a shared server.
- Runs as a daily cron - so certificates will be automatically renewed when required.
- Automatic certificate renewals
- Checks certificates are correctly loaded. After installation of a new certificate it will test the port specified ( see Server-Types for options ) that the certificate is actually being used correctly.
- Automatically updates - The script can automatically update itself with bug fixes etc if required.
- Extensively configurable - With a simple configuration file for each certificate it is possible to configure it exactly for your needs, whether a simple single domain or multiple domains across multiple servers on the same certificate.
- Supports http and dns challenges - Full ACME implementation
- Simple and easy to use
- Detailed debug info - Whilst it shouldn't be needed, detailed debug information is available.
- Reload services - After a new certificate is obtained then the relevant services (e.g. apache/nginx/postfix) can be reloaded.
Since the script is only one file, you can use the following command for a quick installation of GetSSL only:
curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
This will copy the getssl Bash script to the current location and change the permissions to make it executable for you.
For a more comprehensive installation (e.g. install also helper scripts) use the provided Makefile with each release tarball. Use the install target.
You'll find the latest version in the git repository:
git clone https://github.com/srvrco/getssl.git
For Arch Linux there are packages in the AUR, see here and there.
If you use puppet, there is a GetSSL Puppet module by dthielking
GetSSL was written in standard bash ( so it can be run on a server, a desktop computer, or even a virtualbox) and add the checks, and certificates to a remote server ( providing you have a ssh with key, sftp or ftp access to the remote server).
getssl ver. 2.02
Obtain SSL certificates from the letsencrypt.org ACME server
Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-Q|--mute] [-u|--upgrade] [-k|--keep #] [-U|--nocheck] [-r|--revoke cert key] [-w working_dir] domain
Options:
-a, --all Check all certificates
-d, --debug Outputs debug information
-c, --create Create default config files
-f, --force Force renewal of cert (overrides expiry checks)
-h, --help Display this help message and exit
-q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded)
-Q, --mute Like -q, but mutes notification about successful upgrade
-r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required)
-u, --upgrade Upgrade getssl if a more recent version is available
-k, --keep "#" Maximum amount of old getssl versions to keep when upgrading
-U, --nocheck Do not check if a more recent version is available
-w working_dir "Working directory"