4407210e01
Fix #521 by introducing MissingNonceError, which by shows response headers when printed to STDOUT. More sensible solution (a'la #523) is blocked by boulder#417 (HTTP 405 response for HEAD). Split out ClientNetworkWithMockedResponseTest from ClientNetworkTest, which improves readability and makes it easier to test (less mocks).
Official documentation, including installation instructions, is available at https://letsencrypt.readthedocs.org.
Generic information about Let's Encrypt project can be found at https://letsencrypt.org. Please read Frequently Asked Questions (FAQ).
About the Let's Encrypt Client
In short: getting and installing SSL/TLS certificates made easy (watch demo video).
The Let's Encrypt Client is a tool to automatically receive and install X.509 certificates to enable TLS on servers. The client will interoperate with the Let's Encrypt CA which will be issuing browser-trusted certificates for free beginning the summer of 2015.
It's all automated:
- The tool will prove domain control to the CA and submit a CSR (Certificate Signing Request).
- If domain control has been proven, a certificate will get issued and the tool will automatically install it.
All you need to do to sign a single domain is:
user@www:~$ sudo letsencrypt -d www.example.org authFor multiple domains (SAN) use:
user@www:~$ sudo letsencrypt -d www.example.org -d example.org authand if you have a compatible web server (Apache or Nginx), Let's Encrypt can not only get a new certificate, but also deploy it and configure your server automatically!:
user@www:~$ sudo letsencrypt -d www.example.org runEncrypt ALL the things!
Disclaimer
This is a DEVELOPER PREVIEW intended for developers and testers only.
DO NOT RUN THIS CODE ON A PRODUCTION SERVER. IT WILL INSTALL CERTIFICATES SIGNED BY A TEST CA, AND WILL CAUSE CERT WARNINGS FOR USERS.
Current Features
- web servers supported:
- apache/2.x (tested and working on Ubuntu Linux)
- nginx/0.8.48+ (tested and mostly working on Ubuntu Linux)
- standalone (runs its own webserver to prove you control the domain)
- the private key is generated locally on your system
- can talk to the Let's Encrypt (demo) CA or optionally to other ACME compliant services
- can get domain-validated (DV) certificates
- can revoke certificates
- adjustable RSA key bitlength (2048 (default), 4096, ...)
- optionally can install a http->https redirect, so your site effectively runs https only (Apache only)
- fully automated
- configuration changes are logged and can be reverted using the CLI
- text and ncurses UI
- Free and Open Source Software, made with Python.
Links
Documentation: https://letsencrypt.readthedocs.org
Software project: https://github.com/letsencrypt/letsencrypt
Notes for developers: CONTRIBUTING.md
Main Website: https://letsencrypt.org/
IRC Channel: #letsencrypt on Freenode
Mailing list: client-dev (to subscribe without a Google account, send an email to client-dev+subscribe@letsencrypt.org)