acme-redirect(1) General Commands Manual acme-redirect(1)

acme-redirect - Tiny http daemon that answers acme challenges and redirects everything else to https

acme-redirect [-v|--verbose] [-c /etc/acme-redirect.conf] [--config-dir /etc/acme-redirect.d] [--acme-email <acme-email>] [--acme-url https://acme-v02.api.letsencrypt.org/directory] [--chall-dir /run/acme-redirect] [--data-dir /var/lib/acme-redirect] <subcommand>

acme-redirect is a tiny http server that implements the ACME (Automated Certificate Management Environment) protocol and redirects everything else to https. It can run directly on port 80 and supports automatic issuance and renew of certificates out of the box with minimal configuration.

Runs the http daemon.

-B <bind-addr>, --bind-addr <bind-addr>

The address to listen on. Default is [::]:80.

--chroot

Chroot into the challenge directory.

--user <user>

Drop from root to this user.

acme-redirect daemon

Renew certificates that are about to expire and run the given commands to trigger a certificate reload.

-n, --dry-run

Do not actually do anything, just show what would happen.

--force-renew

Renew certificates even if they are not about to expire.

--skip-cleanup

Don't clean up old certs that are not live anymore.

--skip-restarts

Do not execute the configured exec commands.

<certs ...>

Only renew specific certs. If no certificate is selected explicitly, renew all certificates.

acme-redirect renew

Shows the certificates currently available and their expiry status.

acme-redirect status

You can simply run acme-redirect renew periodically. If you're using systemd you can use the systemd timer with:

systemctl enable --now acme-redirect-renew.timer

acme-redirect.conf(5), acme-redirect.d(5).

acme-redirect was originally written by kpcyrd and is hosted at https://github.com/kpcyrd/acme-redirect

2023-01-03