acme-redirect - Minimal http daemon that answers acme challenges and redirects
everything else to https
acme-redirect [-v|--verbose] [-c /etc/acme-redirect.conf] [--config-dir
/etc/acme-redirect.d] [--acme-email <acme-email>] [--acme-url
/run/acme-redirect] [--data-dir /var/lib/acme-redirect] <subcommand>
acme-redirect is a tiny http server that implements the ACME (Automated
Certificate Management Environment) protocol and redirects everything else to
https. It can run directly on port 80 and supports automatic issuance and
renew of certificates out of the box with minimal configuration.
Runs the http daemon.
-B <bind-addr>, --bind-addr <bind-addr>
The address to listen on. Default is
Chroot into the challenge directory.
Drop from root to this user.
Renew certificates that are about to expire and run the given commands to
trigger a certificate reload.
Do not actually do anything, just show what would
Renew certificates even if they are not about to
Don't clean up old certs that are not live anymore.
Do not execute the configured exec commands.
Only renew specific certs. If no certificate is selected
explicitly, renew all certificates.
Shows the certificates currently available and their expiry status.
You can simply run acme-redirect renew periodically. If you're using
systemd you can use the systemd timer with:
systemctl enable --now acme-redirect-renew.timer