Provided by: acmetool_0.2.2-2ubuntu0.24.04.2_amd64 bug

NAME

       acmetool - request certificates from ACME servers automatically

SYNOPSIS

       acmetool [<flags>] <command> [<args> ...]

DESCRIPTION

       acmetool  is a utility for the automated retrieval, management and renewal of certificates
       from ACME server such as Let's Encrypt. It  emphasises  automation,  idempotency  and  the
       minimisation of state.

       You  use  acmetool  by configuring targets (typically using the "want") command.  acmetool
       then  requests  certificates  as  necessary  to  satisfy  the  configured   targets.   New
       certificates are requested where existing ones are soon to expire.

       acmetool  stores its state in a state directory. It can be specified on invocation via the
       --state option; otherwise, the path in ACME_STATE_DIR is used, or, failing that, the  path
       "/var/lib/acme" (recommended).

       The  --xlog  options control the logging. The --service options control privilege dropping
       and daemonization and are applicable only to the redirector subcommand.

OPTIONS

       --help Show context-sensitive help (also try --help-long and --help-man).

       --state=/var/lib/acme
              Path to the state directory (env: ACME_STATE_DIR)

       --hooks=/etc/acme/hooks
              Path to the notification hooks directory (env: ACME_HOOKS_DIR)

       --batch
              Do not attempt interaction; useful  for  cron  jobs.  (acmetool  can  still  obtain
              responses from a response file, if one was provided.)

       --stdio
              Don't attempt to use console dialogs; fall back to stdio prompts

       --response-file=RESPONSE-FILE
              Read dialog responses from the given file (default: $ACME_STATE_DIR/conf/responses)

       --version
              Print version information

       --xlog.facility=daemon
              Syslog facility to use

       --xlog.syslog
              Log to syslog?

       --xlog.syslogseverity=DEBUG
              Syslog severity limit

       --xlog.journal
              Log to systemd journal?

       --xlog.journalseverity=DEBUG
              Systemd journal severity limit

       --xlog.severity=NOTICE
              Log severity (any syslog severity name or number)

       --xlog.file=""
              Log to filename

       --xlog.fileseverity=TRACE
              File logging severity limit

       --xlog.stderr
              Log to stderr?

       --xlog.stderrseverity=TRACE
              stderr logging severity limit

       --service.cpuprofile=""
              Write CPU profile to file

       --service.debugserveraddr=""
              Address  for  debug server to listen on (do not specify a public address) (default:
              disabled)

       --service.uid=""
              UID to run as (default: don't drop privileges)

       --service.gid=""
              GID to run as (default: don't drop privileges)

       --service.daemon
              Run as daemon? (doesn't fork)

       --service.stderr
              Keep stderr open when daemonizing

       --service.chroot=""
              Chroot to a directory (must set UID, GID) ("/" disables)

       --service.pidfile=""
              Write PID to file with given filename and hold a write lock

       --service.fork
              Fork? (implies -daemon)

SUBCOMMANDS

   help [<command>...]
       Show help.

   cull [<flags>]
       Delete expired, unused certificates

       -n, --simulate
              Show which certificates would be deleted without deleting any

   status
       Show active configuration

   want [<flags>] <hostname>...
       Add a target with one or more hostnames

       --reconcile
              Specify --no-reconcile to skip reconcile after adding target

   unwant <hostname>...
       Modify targets to remove any mentions of the given hostnames

   quickstart [<flags>]
       Interactively ask some getting started questions (recommended)

       --expert
              Ask more questions in quickstart wizard

   redirector [<flags>]
       HTTP to HTTPS redirector with challenge response support

       --path=PATH
              Path to serve challenge files from

       --challenge-gid=CHALLENGE-GID
              GID to chgrp the challenge path to (optional)

       --read-timeout=10s
              Maximum duration before timing out read of the request (default: '10s')

       --write-timeout=20s
              Maximum duration before timing out write of the request (default: '20s')

       --status-code=308
              HTTP status code to use when redirecting (default '308')

       --bind=":80"
              Bind address for redirectory (default ':80')

   test-notify [<hostname>...]
       Test-execute notification hooks as though given hostnames were updated

   import-jwk-account <provider-url> <private-key-file>
       Import a JWK account key

   import-pem-account <provider-url> <private-key-file>
       Import a PEM account key

   import-key <private-key-file>
       Import a certificate private key

   import-le [<le-state-path*>]
       Import a Let's Encrypt client state directory

   revoke [<certificate-id-or-path>]
       Revoke a certificate

   account-thumbprint
       Prints account thumbprints

   account-url
       Show account URL

   reconcile [<target-filenames>...]
       Reconcile ACME  state,  idempotently  requesting  and  renewing  certificates  to  satisfy
       configured targets.

       This is the default command.

AUTHOR

       © 2015 Hugo Landau <hlandau@devever.net>  MIT License

SEE ALSO

       Documentation: <https://github.com/hlandau/acmetool>

       Report bugs at: <https://github.com/hlandau/acmetool/issues>

                                             acmetool                                 acmetool(8)