tacd - TLS-ALPN Challenge Daemon


TACD(8) System Manager’s Manual TACD(8)

NAME

tacd — TLS-ALPN Challenge Daemon

SYNOPSIS

tacd [-e|--acme-ext STRING] [--acme-ext-file FILE] [--crt-digest STRING] [--crt-signature-alg STRING] [-d|--domain STRING] [--domain-file STRING] [-f|--foreground] [-h|--help] [-l|--listen host:port] [--log-stderr] [--log-syslog] [--log-level LEVEL] [--no-pid-file] [--pid-file FILE] [-V|--version]

DESCRIPTION

tacd is a server that will listen to incoming Transport Layer Security (TLS) connections and, if the acme-tls/1 protocol has been declared during the Application-Layer Protocol Negotiation (ALPN), present a self-signed certificate in order to attempt to solve the TLS-ALPN-01 challenge. It then drops the connection.

To generate the self-signed certificate, both the domain name to validate and the acmeIdentifier extension must be specified. If one of those values is not specified using the available options, it is read from the standard input. When reading from the standard input, a newline character is expected at the end. If both values need to be read from the standard input, the domain name is read first, then the acmeIdentifier extension.
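
As an added example (not part of tacd or its documentation), the following Python code shows what the acmeIdentifier extension carries according to RFC 8737 and how a validator checks the value presented in the self-signed certificate. The account key, token and function names are constructed for the example; the textual form in which tacd expects the extension on --acme-ext or the standard input is not described on this page and is not modelled here.

```python
import base64
import hashlib
import hmac
import json

ACME_TLS_ALPN = "acme-tls/1"                 # ALPN protocol name (RFC 8737)
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"   # id-pe-acmeIdentifier (RFC 8737)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def acme_identifier_value(token: str, account_jwk: dict) -> bytes:
    """DER OCTET STRING (tag 0x04, length 0x20) holding SHA-256(keyAuthorization)."""
    ka = key_authorization(token, account_jwk).encode("ascii")
    return b"\x04\x20" + hashlib.sha256(ka).digest()

def extension_is_valid(ext_value: bytes, critical: bool,
                       token: str, account_jwk: dict) -> bool:
    """Validator-side check of the extension found in the presented certificate."""
    if not critical:                  # RFC 8737 requires the extension to be critical
        return False
    if len(ext_value) != 34 or ext_value[:2] != b"\x04\x20":
        return False                  # not a 32-byte OCTET STRING
    expected = acme_identifier_value(token, account_jwk)
    return hmac.compare_digest(ext_value, expected)

# Constructed sample inputs: not a real account key (x/y are not a curve point)
# and not a real challenge token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "ignored-by-thumbprint",
              "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRl",
              "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRl"}
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"

if __name__ == "__main__":
    value = acme_identifier_value(SAMPLE_TOKEN, SAMPLE_JWK)
    print(ACME_IDENTIFIER_OID, "critical", value.hex(":"))
```
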

The options are as follows:

-e, --acme-ext STRING

The acmeIdentifier extension to set in the self-signed certificate.

--acme-ext-file FILE

File from which the acmeIdentifier extension to set in the self-signed certificate is read.

--crt-digest STRING

Set the certificate’s digest algorithm. Possible values are:

sha256

sha384

sha512

--crt-signature-alg STRING

Set the certificate’s signature algorithm. Possible values depend on the cryptographic library support and can be listed using the --help flag.

-d, --domain STRING

The domain that is being validated.

--domain-file STRING

File from which the domain that is being validated is read.

-f, --foreground

Runs in the foreground.

-h, --help

Prints help information.

-l, --listen host:port | unix:path

Specifies the host and port combination or the unix socket to listen on.

--log-stderr

Prints log messages to the standard error output.

--log-syslog

Sends log messages via syslog.

--log-level LEVEL

Specify the log level. Possible values: error, warn, info, debug and trace.

--no-pid-file

Do not create any PID file.

--pid-file FILE

Specifies the location of the PID file.

-V, --version

Prints version information.

SEE ALSO

acmed.toml(5)

STANDARDS

R.B. Shoemaker, Automated Certificate Management Environment (ACME) TLS Application-Layer Protocol Negotiation (ALPN) Challenge Extension, RFC 8737, February 2020.

AUTHORS

Rodolphe Bréard ⟨[email protected]⟩

GNU Dec 19, 2022 TACD(8)


Updated 2024-01-29 - jenkler.se | uex.se