NAME

lfacme — issue, renew and manage ACME certificates

SYNOPSIS

DESCRIPTION

The lfacme command supports automated management of TLS certificates using an ACME server. Certificates can be automatically issued and renewed, and a hook system allows software using those certificates to be automatically (re)configured with the new certificate.

Prior to using lfacme, two configuration files must be created: /usr/local/etc/lfacme/acme.conf and /usr/local/etc/lfacme/domains.conf. Samples of both files are provided in /usr/local/etc/lfacme. Refer to acme.conf(5) and domains.conf(5) for more detailed documentation on these files.

The following options are supported:

-c confdir

Load the configuration from confdir instead of the default /usr/local/etc/lfacme.

-v

Print more detailed output while running.

The following commands are supported:

setup

Create a new account on the ACME server. This must be run prior to issuing any certificates. See lfacme-setup(8).

renew

Issue or renew any certificates based on the domains.conf(5) configuration file. See lfacme-renew(8).

cert

Manage installed certificates. See lfacme-cert(8).

ENVIRONMENT

The following environment variables affect the executation of lfacme:

LFACME_CONFDIR

Override the default configuration directory. This is equivalent to specifying the -c flag on the command line.

LFACME_VERBOSE

If set to a non-empty string, run in verbose mode. This is equivalent to specifying the -v flag on the command line.

Additionally, any configuration settings described in acme.conf(5) may also be set in the environment.

SEE ALSO

acme.conf(5), domains.conf(5), lfacme-cert(8), lfacme-renew(8), lfacme-setup(8)