mirror of https://github.com/breard-r/acmed.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
103 lines
3.2 KiB
103 lines
3.2 KiB
.\" Copyright (c) 2019-2020 Rodolphe Bréard <rodolphe@breard.tf>
|
|
.\"
|
|
.\" Copying and distribution of this file, with or without modification,
|
|
.\" are permitted in any medium without royalty provided the copyright
|
|
.\" notice and this notice are preserved. This file is offered as-is,
|
|
.\" without any warranty.
|
|
.Dd May 8, 2022
|
|
.Dt TACD 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm tacd
|
|
.Nd TLS-ALPN Challenge Daemon
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl e|--acme-ext Ar STRING
|
|
.Op Fl -acme-ext-file Ar FILE
|
|
.Op Fl -crt-digest Ar STRING
|
|
.Op Fl -crt-signature-alg Ar STRING
|
|
.Op Fl d|--domain Ar STRING
|
|
.Op Fl -domain-file Ar STRING
|
|
.Op Fl f|--foreground
|
|
.Op Fl h|--help
|
|
.Op Fl l|--listen Ar host:port
|
|
.Op Fl -log-stderr
|
|
.Op Fl -log-syslog
|
|
.Op Fl -log-level Ar LEVEL
|
|
.Op Fl -no-pid-file
|
|
.Op Fl -pid-file Ar FILE
|
|
.Op Fl V|--version
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is a server that will listen to incoming Transport Layer Security
|
|
.Pq TLS
|
|
connections and, if the
|
|
.Em acme-tls/1
|
|
protocol has been declared during the Application-Layer Protocol Negotiation
|
|
.Pq ALPN ,
|
|
present a self-signed certificate in order to attempt to solve the TLS-ALPN-01 challenge. It then drops the connection.
|
|
.Pp
|
|
In order to generate the self-signed certificate, it is required to specify both the
|
|
.Em domain name
|
|
to validate and the
|
|
.Em acmeIdentifier extension .
|
|
If one of those values is not specified using the available options, it is read from the standard input. When reading from the standard input, a new line character is expected at the end. In the case both values needs to be read from the standard input, the
|
|
.Em domain name
|
|
is read first, then the
|
|
.Em acmeIdentifier extension .
|
|
.Pp
|
|
The options are as follows:
|
|
.Bl -tag
|
|
.It Fl e, -acme-ext Ar STRING
|
|
The acmeIdentifier extension to set in the self-signed certificate.
|
|
.It Fl -acme-ext-file Ar FILE
|
|
File from which is read the acmeIdentifier extension to set in the self-signed certificate.
|
|
.It Fl -crt-digest Ar STRING
|
|
Set the certificate's digest algorithm. Possible values are:
|
|
.Bl -dash -compact
|
|
.It
|
|
sha256
|
|
.It
|
|
sha384
|
|
.It
|
|
sha512
|
|
.El
|
|
.It Fl -crt-signature-alg Ar STRING
|
|
Set the certificate's signature algorithm. Possible values depends on the cryptographic library support and can be listed using the
|
|
.Em --help
|
|
flag.
|
|
.It Fl d, -domain Ar STRING
|
|
The domain that is being validated.
|
|
.It Fl -domain-file Ar STRING
|
|
File from which is read the domain that is being validated.
|
|
.It Fl f, -foreground
|
|
Runs in the foreground.
|
|
.It Fl h, -help
|
|
Prints help information.
|
|
.It Fl i, -listen Ar host:port | unix:path
|
|
Specifies the host and port combination or the unix socket to listen on.
|
|
.It Fl -log-stderr
|
|
Prints log messages to the standard error output.
|
|
.It Fl -log-syslog
|
|
Sends log messages via syslog.
|
|
.It Fl -log-level Ar LEVEL
|
|
Specify the log level. Possible values: error, warn, info, debug and trace.
|
|
.It Fl -no-pid-file
|
|
Do not create any PID file
|
|
.It Fl -pid-file Ar FILE
|
|
Specifies the location of the PID file.
|
|
.It Fl V, -version
|
|
Prints version information.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr acmed.toml 5
|
|
.Sh STANDARDS
|
|
.Rs
|
|
.%A R.B. Shoemaker
|
|
.%D February 2020
|
|
.%R RFC 8737
|
|
.%T Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension
|
|
.Re
|
|
.Sh AUTHORS
|
|
.An Rodolphe Bréard
|
|
.Aq rodolphe@breard.tf
|