Welcome to the acme-dns-tiny project

Tiny ACME client to respond to DNS challenges

Latest News

2018-12-09: v2.1 has been released with support of ACME draft 16.
2018-05-03: v2.0 has been released with Let's Encrypt v2 API endpoint support.

Introduction

acme-dns-tiny is a Python 3 script able to request TLS certificates to a CA server providing an ACME interface.
The server has just to be compliant with the ACME RFC created by the Let's Encrypt project.

The main goal of acme-dns-tiny is not to rewrite the official cert-bot client but to give administrators a simple script easy to integrate in their environment. So you won't find all challenges defined in the RFC, but only the dns-01 challenge available.

acme-dns-tiny is a fork of the acme-tiny project, but it has slightly diverged to:

remove http-01 challenge support and to automate the DNS resources creation to respond to the challenges
support only on Python 3
use a configuration INI file instead of arguments
use a simpler library to send HTTP requests to the ACME server

Status of latest acme-dns-tiny

As the ACME RFC is still under development (its current status is « draft »), the acme-dns-tiny status is also currently in development.

Although we have some stable releases that you can use on your server (as the current one 😉).
Please see our Gitlab page to find the latest release.

Requirements

To run acme-dns-tiny, you'll need at least:

Python 3 installed
dnspython module available in Python 3 environment.
You can either use its Python 3 specific version or the unified version
For the unified version, the 1.15 release is required as there as a bug in the unification process before
Since version 2, the requests module is required too.
This module allowed us to simplify HTTP requests to the ACME server and to be more compliant with the requirements by setting correctly user-agent, content-type…
a DNS server allowing dynamic updates through TSIG key authentication

Then you have to give access to the user running the script to (not root !):

an ACME account private key
a CSR (without access to the private key itself !)
a config file containing path of to files above and the DNS secret to manage DNS resources

Code and documentation

This project is under the MIT license as its parent acme-tiny, you'll find all code and documentation on its Gitlab site: https://projects.adorsaz.ch/adrien/acme-dns-tiny/.
A mirror of the code is also available on Github : https://github.com/Trim/acme-dns-tiny

You'll find the acme-dns-tiny community XMPP news there: xmpp.pubsub://acme-dns-tiny@community.adorsaz.ch.
To read news from this pubsub, you can use one instance of the Movim services (they include RSS feeds too) as the adorsaz.ch Movim pod.