acme-lw-d 0.2.0

A lightweight ACME protocol client written in the D computer language

To use this package, run the following command in your project's root directory:

Manual usage
Put the following dependency into your project's dependences section:

Lightweight ACME Client written in the D computer language

This project is yet another Let's Encrypt client. It has the following properties.

  • It is written in the D computer language.
  • A commandline tool provides all operations of RFC855 as best as possible
  • It hast ddox and unittest support.


  • Automatic Certificate Management Environment (ACME)
  • JSON Web Key (JWK) Thumbprint
  • JSON Web Algorithms (JWA)
  • JSON Web Signature (JWS)
  • Hypertext Transfer Protocol (HTTP)
Building and Installing

Building requires dub, openssl and curl. On Debian based systems you can install them with:

apt-get install dub libssl-dev libcurl4-gnutls-dev

On Red Hat based systems use this:

yum install dub openssl-devel curl-devel

To build and install run:

dub build

To run the unittests:

dub test

Run it as a dub package:

dub fetch acme-lw-d
dub run acme-lw-d -- -h
Let's Encrypt Credentials

To use any Let's Encrypt client you need to sign requests with your Let's Encrypt's account's private key. This library uses a private key in PEM format. If you want to use an existing Let's Encrypt private key, it's in JWK format. The acme-tiny library has good documentation on how to convert it.

Create a SSL key pair with:

openssl genrsa -out key.pem 2048

Otherwise the client will create a new key, if the given file doesn't exist.

Command Line Client

The command line client is run as follows:

$ ./acme-lw-d
Usage: acme_client <options>
-k            --key Required: The path to private key of ACME account. (PEM file)
-p      --domainkey Required: The path to your private key for X509 certificates (PEM file)
-d         --domain Required: A domain name. Can be given multiple times. First entry will be subject name.
-c        --contact Required: A contact for the account. Can be given multiple times.
-o         --output Required: The output file for the PEM encoded X509 cert
-w --setupchallange Required: Programm to call to setup a challange
-b           --bits           RSA bits to use for keys. Used on new key creation
-y          --agree           Agree to TermsOfService, when creating the account.
-s        --staging           Use the staging server for initial testing or developing
           --server           Alternate ACME server directory url
-v        --verbose           Verbose output
-h           --help           This help information.

  $ ./acme-lw-d -k key.pem -p domain.key -o domain.pem \
       -d -d \
       -c "mailto:[email protected]" \
       -w "./examples/" \
       -y -v -b {rsa2048|rs4096}

  RS keys will be created on first run and stored on disk. They are reused
  when existing.

  The setup-challange script is called with the challange type, the filename
   and token. Right new, only http challange is supported (FIXME).
Library API

The API of the library is documented with ddox:

dub run -b ddox

All methods report errors by throwing some exception, which will normally be an instance of acme.AcmeException.



  • Cleanup output with respect to -v option
  • Implement account deactivation


  • Implement 7.3.4. External Account Binding
  • Implement 7.3.5. Account Key Rollover
  • Implement 7.3.6. Account Deactivation
  • Implement 7.4.1. Pre-authorization

Nice to have:

  • Split code into a library package and an optional CLI client, which uses the library package.
  • Carsten Schlote
0.2.0 2019-Jul-07
0.1.9 2019-Jun-25
0.1.8 2019-Jun-23
0.1.7 2019-Jun-10
0.1.6 2019-Jun-10
Show all 15 versions
Download Stats:
  • 0 downloads today

  • 0 downloads this week

  • 0 downloads this month

  • 29 downloads total

Short URL: