With some of my certificates expiring soon, I decided to give it a go and leverage Let’s Encrypt API.
The result is the Perl client which is self-sufficient (so there is no need for sudo, using openssl command line, etc) and hopefully easy to use even for a non-technical person who never wrote a line of code. The client comes with a library and it can be easily extended with plugins to handle current (and possibly future) challenges.
That will generate an account key, CSR and do the rest. NB: Without –live everything runs against the staging server. The command line above is safe to-run (once generated files are in place, they will be loaded next time).
Since some features weren’t there when the original post was published, thought it might be a good idea to name a few things (among others) that were added since:
conditional renew (--renew XX, where XX is the number of days left until certificate expiration).
If le.pl detects that it is XX or fewer days left until certificate expiration, then (and only then) the renewal process will be run, so the script can be safely put into crontab to run on a daily basis if needed. The amount of days left is checked either by loading the locally available certificate file, or by connecting to a website using that certificate.
automatic placing and removal of challenge files (for http verification) with --path and --unlink options.
dns verification support
support for external modules handling the challenge pre- and post- verification.
support for external modules handling the process completion.