Skip to content

caveman8080/ACMECertManager

BranchesTags

Repository files navigation

ACME Certificate Manager

CI (.NET 10)

The friendliest Windows app for free Let's Encrypt certificates

✅ Quick Start (30 seconds)

  1. Download the latest architecture artifact from Actions/Releases (acm-win-x86, acm-win-x64, or acm-win-arm64)
  2. Extract the package and run acm.exe
  3. Go to “Issue New Certificate” tab and click the big button

Defaults to Let's Encrypt production (real certificates). Use the advanced options in Issue New Certificate to switch to staging when testing.

Requirements

  • Minimum runtime for development and source builds: .NET 10 (net10.0-windows).
  • Minimum SDK for local build/test/publish commands: .NET SDK 10.0.
  • Windows 10/11.

Features

  • Dashboard with big friendly buttons
  • Issue wizard (domains, wildcards, HTTP-01 auto, DNS-01 plugin workflow)
  • Manage certificates (list, expiry, renew/revoke)
  • Logs tab with colored output
  • Runtime folders auto-created next to the executable (plugins/, logs/, certs/, storage/)
  • Self-contained single .exe (runs on any Windows 10/11)

Runtime Folder Layout

At startup the app creates these folders beside the executable:

  • plugins/ for DNS plugin DLL files
  • logs/ for persistent log files
  • certs/ for generated certificate files
  • storage/ for account/config/secrets JSON files

Legacy root files are migrated to storage/ on startup.

Expected extracted structure:

  • ACMECertManager/acm.exe
  • ACMECertManager/plugins/
  • ACMECertManager/logs/
  • ACMECertManager/certs/
  • ACMECertManager/storage/

Updating to a New Release

Use an in-place upgrade so your certificates and settings stay intact.

Simple update steps:

  1. Close ACMECertManager if it is running.
  2. Download the new release package for your architecture.
  3. Extract/copy the new files into your existing ACMECertManager folder.
  4. Allow overwrite of app binaries (including acm.exe).
  5. Make sure these folders are still present after update: plugins/, logs/, certs/, storage/.
  6. Launch acm.exe.

What is preserved on upgrade (if you keep the same folder):

  • certs/ (issued certificate files)
  • storage/certificates.json (certificate list/metadata)
  • storage/acme-account.json (ACME account key)
  • storage/dns-secrets.json (saved DNS plugin credentials)
  • storage/ui-settings.json (UI settings)
  • logs/ (log history)
  • plugins/ (DNS plugin DLLs you added)

What can be lost:

  • If you delete the old folder before copying the new release, you lose local data unless you backed up and restored certs/, storage/, logs/, and plugins/.
  • If certs/ is missing but storage/certificates.json exists, entries may remain but certificate files referenced by those entries may be missing.

DNS-01 Plugin Workflow

  1. Put provider DLLs in plugins/.
  2. Launch the app and open Issue New Certificate.
  3. Select DNS-01 and choose a plugin from the dropdown.
  4. Fill required plugin fields.
  5. Issue certificate.

Operational sequence:

  1. Download the pre-built package for your architecture (x86, x64, ARM64).
  2. Extract the ACMECertManager directory from the archive.
  3. Verify acm.exe, plugins, logs, certs, and storage exist.
  4. Place desired DNS plugin DLLs into plugins/.
  5. Start the app to auto-scan and load plugin DLLs.
  6. Choose DNS-01 and select the plugin from the DNS dropdown.
  7. Enter plugin-required credentials and provider data.
  8. After issuance, certificate files are saved in certs/ and shown in Manage Certificates.
  9. Use Revoke Selected (CA) and Delete Selected (Local) for certificate lifecycle actions.

Warning: DNS plugin secrets are currently stored in plaintext in storage/dns-secrets.json.

Saved DNS credentials now default to the current certificate hostname as Domain/Context when available. Blank Domain/Context is only used when no hostname is provided.

Advanced ACME options (Issue New Certificate):

  • Use Let's Encrypt staging server for test issuance.
  • Optionally override with a custom ACME directory URL.

Certificate output and visibility:

  • If PFX output is selected, issuance now validates that certificate.pfx was actually created.
  • Issued certificates are persisted to storage/certificates.json and immediately reloaded into the Manage Certificates grid.

How to Get Your .exe (2 ways)

Way 1 – Easiest (GitHub Actions already built it)

  • Go to Actions tab → click latest workflow → download your architecture artifact (acm-win-x86, acm-win-x64, acm-win-arm64)

Way 2 – Build yourself

  1. Install free Visual Studio Code with .NET 10 support (or install .NET SDK 10.0).
  2. Open ACMECertManager.sln
  3. Press F5 to run immediately
  4. To create single .exe: right-click project → Publish → self-contained win-x64 → Publish

Security Tips

  • Production is the default. Use staging from advanced options when testing to avoid rate limits.
  • Run as Administrator first time (for HTTP-01 on port 80)
  • Certificates auto-saved in certs/ folder
  • DNS plugin credentials are stored unsecured (plaintext) in storage/dns-secrets.json

Plugin Development

See PLUGIN_DEVELOPMENT.md for instructions on building custom DNS plugin DLLs.

Sample implementation included: samples/HurricaneElectricDnsPlugin

License: GPL v3

Repo: https://github.com/caveman8080/ACMECertManager

About

Modern Windows GUI for Let's Encrypt certificates

Topics

letsencrypt acme-client csharp dotnet gui-application windows-x64 windows-x86 dns-01 certificate-management acme-v2 tls-alpn-01 rfc-8555 http-01 windows-arm64

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Contributors

Languages