This repository contains a library that can be used to develop ACME / Let's Encrypt clients.
Requesting and installing a a new SSL certificate can be as simple as this:
acme.exe www.example.com -a
That's all you need to do to request and install a free SSL certificate from Let's Encrypt!
This project is work in progress. It works, but probably still has many bugs and needs more testing.
I created this project as a training excercise and to learn about ACME and related technologies (certificate file formats, ASN1, ...). This is not intended to be a finished and ready to use product. However, I thought it might be useful or interesting for other people as well.
A major difference to other ACME .net clients is that this project does not have a dependency on OpenSSL (mainly because I wanted to figure out if I could implement this project without OpenSSL, and because it provided an opportunity to learn more about certificate file formats and ASN1).
If you are just looking for a Let's Encrypt client or a more mature project, then you should take a look at these projects:
.net ACME protocol library. A simple ACME Client for Windows
You can use acme.exe with or without IIS integration. With IIS integration, acme.exe autoamtically configures your IIS to respond to the ACME domain validation challenge, and it updates your IIS web site with the new SSL certificate. To use IIS integration, you must run acme.exe on your IIS web server.
Examples:
Request a certificate for www.yourdomain.com and accept the terms of service of the ACME server (-a), using your@email.com as registration contact information (-m):
acme.exe -a www.yourdomain.com -m mailto:your@email.com
If you don't want to use IIS integration or can't use it / you are not using IIS, you can also run acme.exe without IIS support. In that case, you need to manually copy the challenge file that is required to validate domain ownership to your server.
Request a certificate for www.yourdomain.com without IIS integration and accept the terms of service of the ACME server (-a), using your@email.com as registration contact information (-m):
acme.exe -a www.yourdomain.com -m mailto:your@email.com -c manual-http-01 -i manual
If something does not work, please contact me at mathias@raacke.info or submit an issue on GitHub. You can increase the output verbosity by using the parameter -v Verbose
This is an implementation of the ACME protocol. IT contains a class AcmeClient that can be used to communicate with ACME servers.
This is a simple command line client that I use to test my ACME client. It does not yet have any command line arguments (I use it by commenting out/in whatever I need).
A "classic" .net framework console application used to create a console .exe in addition to the dnx console application.
This project contains classes to generate PKCS10 certificate requests. It can also save private keys in a PKCS1 .pem file. I have started to work on PKCS12 (PFX) support, but this code is not used yet.
The ACME.net protocol library is now also available on nuget.org. The API could still change and is not widely used yet, therefore I have uploaded it as a prerelease package.
The console application can now configure IIS to automatically handle an http-01 challenge. It can now also install the certificate into the certificate store and update IIS bindings to use the new certificate.
The console application now accepts command line parameters. I also added a first prerelease binary to the releases page. I have also set up an AppVeyor CI build.
This is just a prototype and work in progress. The code contains hard coded references to paths on my PC and hard coded certificate names and domain names.
However, it is complete enough that I was able to create a SSL certificate for my web site test.startliste.info.