acme-redirect - Tiny http daemon that answers acme challenges and redirects everything else to https
acme-redirect [-v|--verbose] [-c /etc/acme-redirect.conf] [--config-dir /etc/acme-redirect.d] [--acme-email <acme-email>] [--acme-url https://acme-v02.api.letsencrypt.org/directory] [--chall-dir /run/acme-redirect] [--data-dir /var/lib/acme-redirect] <subcommand>
acme-redirect is a tiny http server that implements the ACME (Automated Certificate Management Environment) protocol and redirects everything else to https. It can run directly on port 80 and supports automatic issuance and renew of certificates out of the box with minimal configuration.
Runs the http daemon.
-B <bind-addr>, --bind-addr <bind-addr>
The address to listen on. Default is [::]:80.
Chroot into the challenge directory.
Drop from root to this user.
Renew certificates that are about to expire and run the given commands to trigger a certificate reload.
Do not actually do anything, just show what would happen.
Renew certificates even if they are not about to expire.
Don’t clean up old certs that are not live anymore.
Do not execute the configured exec commands.
Only renew specific certs. If no certificate is selected explicitly, renew all certificates.
Shows the certificates currently available and their expiry status.
You can simply run acme-redirect renew periodically. If you’re using systemd you can use the systemd timer with:
systemctl enable --now acme-redirect-renew.timer
acme-redirect was originally written by kpcyrd and is hosted at https://github.com/kpcyrd/acme-redirect