Announcing uacme, a lightweight ACMEv2 client written in C

Hello

uacme is an open source, lightweight ACMEv2 client, written in plain C with minimal dependencies. I just released version 1.0 at the following address

An html version of the man page is available https://ndilieto.github.io/uacme.1.html

I believe at this time uacme is the only ACMEv2 compatible client written in plain C. The only dependencies are libcurl and gnutls.

7 Likes

it’s small enough for use in Openwrt(80k), but not guntls is quite big in router world (additional 600kB from installing gnutls) Could you add version that use libmbedtls?

3 Likes

It is feasible. Give me some time and I’ll see what I can do.

2 Likes

As you requested I’ve added support for mbedTLS as an alternative to GnuTLS. You can switch at configure stage:

./configure --with-mbedtls

Note, you will probably need to also recompile libcurl with mbedTLS support, otherwise it may pull OpenSSL or GnuTLS.

Let me know if it works for you.

3 Likes

Nearly a week ago I submitted a pull request https://github.com/letsencrypt/website/pull/503 to get this listed at https://letsencrypt.org/docs/client-options but so far it has not been even reviewed yet. Is there anything I didn’t do right in the pull request?

I guess it’s a good question who is responsible for reviewing these. @jple, do you know who can review and update these? Over at

I see six pending pull requests related to the list of ACME clients (of which @ndilieto’s is the most recent).

I got a request to add support for building with OpenSSL, which I added to the master branch with commit 656b6e53. I’d appreciate any third party testing before I make a proper release.

BTW, the pull request on the Let’s Encrypt client page is stil pending…

Manpage link updated to https://ndilieto.github.io/uacme
Also added README.md including getting started instructions

1 Like

A user requested ECC key/certificate support which I’ve just committed in the github repo. For more info see

As usual I’d appreciate third party testing before releasing it properly.

2 Likes

New version 1.0.11 available with support for ACME account key rollover:

1 Like

As I have no time to do this myself, I am looking for volunteers who would like to contribute hook scripts to integrate UACME .with any DNS API providers. I’ll add quality scripts to the official distribution.

1 Like

This is now being packaged for OpenWRT.

you can’t easily fit acme.sh and use it in a 8MB flash router if it’s not included in the squashfs partition
the dependencies for acme are

114K ca-bundle_20190110-1_all.ipk
48K curl_7.65.0-1_x86_64.ipk
127K libcurl4_7.65.0-1_x86_64.ipk
1.5M libopenssl1.1_1.1.1c-1_x86_64.ipk
181K libmbedtls12_2.16.1-1_x86_64.ipk
4.8K libopenssl-conf_1.1.1c-1_x86_64.ipk
259K openssl-util_1.1.1c-1_x86_64.ipk

and uacme

114K ca-bundle_20190110-1_all.ipk
127K libcurl4_7.65.0-1_x86_64.ipk
181K libmbedtls12_2.16.1-1_x86_64.ipk

and ~25K for the uacme itself

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.