acmetool

acmetool is a command‑line utility that automates the acquisition and renewal of TLS certificates from ACME servers such as Let’s Encrypt. It operates independently of any specific web server, allowing you to integrate it with existing setups through port‑based challenges, webroot files, or a built‑in HTTPS redirector. The tool stores its state in a simple directory of flat files, making its operation transparent and idempotent, and it can run unattended via cron with the `--batch` flag.

The binary is a single, dependency‑free executable that supports both RSA and ECDSA keys, and it can import certificates created by the official Let’s Encrypt client. Notification hooks let you trigger custom scripts—commonly to reload a web server—whenever a new certificate is obtained. Optional non‑root operation is available for environments where privileged access is restricted.

Installation is provided through direct binary downloads for various platforms, as well as a Ubuntu/Debian PPA that supplies a ready‑to‑install package. The preferred certificate location is `/var/lib/acme/live/HOSTNAME/`, and the tool can automatically reload configured services after renewal.