acme-dns-tiny

Tiny ACME client to obtain wildcard TLS certificates through DNS challenge resolution

Introduction

acme-dns-tiny is a Python 3 script that asks a Certificate Authority (CA) to issue an X.509 certificate automatically.

To automate certificate creation, acme-dns-tiny uses the ACME protocol standardized in RFC 8555. To prove to the CA that you are the owner of the domains included in the certificate request, acme-dns-tiny uses the DNS challenges defined by this RFC.

To resolve these challenges, acme-dns-tiny dynamically updates some DNS resources on your DNS service provider.

That's why, to use acme-dns-tiny, you have to choose a CA that provides a service following ACME (RFC 8555), such as the non-profit Certificate Authority Let's Encrypt.

The main goal of acme-dns-tiny is not to rewrite the official certbot ACME client, but to give administrators a simple script that is easy to integrate into their environment, without requiring root privileges and without access to the domain private key.

Requirements

To run acme-dns-tiny, you'll need a computer with Python 3, the dnspython module, the requests module and the OpenSSL command line available.

Then you have to give access to the rootless user running the script to:

Finally, that computer must be able to access a DNS server allowing dynamic resource updates through TSIG key authentication.

Open Source

acme-dns-tiny is open source software, so you can read how it works, modify it and redistribute it as long as you respect the MIT license.

The main git repository is hosted on gitlab.adorsaz.ch.

In case the main GitLab instance is not reachable, you can find a mirror on GitHub.

Maintenance state

Badges: latest release, main branch pipeline status, main branch coverage status.

Origin

acme-dns-tiny is a fork of the acme-tiny project, but it has slightly diverged to: