Hello,
I tried some ACME/LE clients, but none of them fits my situation the way I want.
What I basically want is a lightweight client that:
- runs on Linux with minimal dependencies
- supports the DNS challenge (HTTP not needed)
- is easily scriptable (no interactive mode at all)
- can run as a regular user (no root)
We use existing custom scripts that update our zone files (remotely), and generate the web server configuration (also remotely). So I need a client that does not touch or require anything on the file system. I want simple stuff on stdout and certs to files I specify. Most clients I tried want to do my work for me, but that’s not what I want.
Here’s a dialog I imagine:
Step 0 (only once):
# awesome-client signup --email me@domain.tld
-> awesome-client response: success, your key: 12345abcdef
no files are generated by awesome-client
my script saves the key in its own database, and re-uses it from now on
Step 1:
# awesome-client request --account 12345abcdef --dns --domain domain.tld
-> awesome-client response: success, use challenge abdef12345 for _acme-challenge.domain.tld
no files are touched or generated by awesome-client
my script updates the DNS record and reloads the name server
Step 2:
# awesome-client verify --account 12345abcdef --dns --domain domain.tld --cert=/where/to/write/the.cert --key=/where/to/write/the.key
-> awesome-client response: success, files written
only those two files are written by awesome-client
my script takes those files, updates web server configuration, etc.
I know that certbot-auto does something similar in manual mode, but steps 1 and 2 are interactive (“Press ENTER to continue”). I can’t use any hooks either since I can’t interrupt my script. Also, certbot wants to run as root or sudo, which is a no-go.
Can anyone point me to a client that does support what I want?