最近更新: | 所有文档
Let’s Encrypt 使用 ACME 协议来验证您对给定域名的控制权并向您颁发证书。 要获得 Let’s Encrypt 证书,您需要选择一个要使用的 ACME 客户端软件。
下列 ACME 客户端由第三方提供。 Let’s Encrypt 不控制或审查第三方客户端,也不能保证其安全性或可靠性。
您也可以使用某些浏览器(网页版)ACME 客户端,但我们不会在此列出这些客户端,因为它们会鼓励您手动进行续期,从而导致用户体验不佳并增加错过续期的风险。
推荐客户端:Certbot
我们建议大多数人从 Certbot 客户端开始。 它既可以只为您获取证书,也可以帮助您获取并安装证书。 它易于使用,适用于许多操作系统,并且具有出色的文档。
如果 Certbot 不能满足您的需求,或者您只是想尝试其他软件,那么下面有更多的客户端可供选择,这些客户端按照编写所用的语言或是使用环境排序。
其他客户端
下列客户端均支持 ACMEv2 API (RFC 8555)。 2021 年 6 月起我们已彻底废除 ACMEv1。 如果您使用的客户端在该列表中,请确保您将其升级到最新版本。 如果下面没有列出您正在使用的客户端,则该客户端有几率不支持ACMEv2 API,请与项目维护者联系或更换其他客户端。
Bash
- GetSSL (bash, also automates certs on remote hosts via ssh)
- acme.sh (Compatible to bash, dash and sh)
- dehydrated (Compatible to bash and zsh)
- ght-acme.sh (batch update of http-01 and dns-01 challenges is available)
- bacme (simple yet complete scripting of certificate generation)
- wdfcert.sh (Only supports DNS-01 challenges and ECDSA-384 bit keys for both accounts and certificates, native Joker DNS support including wildcard plus roor domain support for single-TXT-record DNS providers)
C
- OpenBSD acme-client
- uacme
- acme-client-portable
- Apache httpd Support via the module mod_md.
- mod_md Separate, more frequent releases of the Apache module.
- CycloneACME (client implementation of ACME dedicated to microcontrollers)
C++
- acme-lw
- esp32-acme-client allows IoT devices to get certificates
Clojure
Configuration management tools
- Ansible acme_certificate module
- Terraform ACME Provider
- Ansible collection: acme (ACME V2 integration with acme_certificate module. Supports multiple providers for challenges)
D
Domino
- CertMatica (ACME certificate installation and renewals for HCL Domino™ servers)
- HCL Domino (Full ACME V2 flow integration for HCL Domino™ servers)
Docker
Go
- Caddy
- Lego
- acmetool
- Lets-proxy2 (Reverse proxy to handle https/tls)
- autocert
- Traefik
- ACMEz
- Step CLI
- J8a (Reverse proxy for JSON APIs with auto-renewing TLS 1.3)
- certmanager (Supports certificate sharing across instances/pods and split-horizon DNS with acme-proxy)
HAProxy
Java
Kubernetes
Lua
- Mako Server's ACME Plugin The plugin’s main objective is to provide certificates for servers on private networks.
Microsoft Azure
- Azure WebApp SSL Manager (Serverless, Compatible with any App Service, requires Azure DNS)
- App Service Acmebot (Compatible to Azure Web Apps / Functions / Web App for Containers)
- Key Vault Acmebot (Work with Azure Key Vault Certificates)
- Az-Acme (The simplest ACME Issuer for Azure Key Vault)
nginx
- njs-acme JavaScript library compatible with the ‘ngx_http_js_module’ runtime (NJS), allows for the automatic issue of TLS/SSL certificates for NGINX without restarts
- lua-resty-auto-ssl
- Nginx ACME
- lua-resty-acme
Node.js
- Greenlock for Express.js
- acme-http-01-azure-key-vault-middleware (Express middleware for storing certificates securely on Azure Key Vault)
OpenShift
Perl
- acme (Simple json config, autogen keys, issue cert, refresh cert, apache/nginx integration)
- Crypt::LE
PHP
- kelunik/acme-client
- Hiawatha
- FreeSSL.tech Auto
- Yet another ACME client
- itr-acme-client PHP library
- Acme PHP
- RW ACME client
Python
- ACME Tiny
- simp_le
- acmebot
- sewer
- acme-dns-tiny (Python 3)
- Automatoes ACME V2 ManuaLE replacement with new features
- acertmgr
- acme-cert-tool
- serverPKI PKI for internet server infrastructure, supporting distribution of certs, FreeBSD jails, DNS DANE support
- acmetk acmetk is an ACMEv2 proxy to centralize certificate requests and challenges within an organisation and direct them using a single account to Let’s Encrypt or other ACMEv2 capable CA’s.
Ruby
- unixcharles/acme-client
- acme-distributed
- Combine-acme: Generate and upload crt to CloudFlare(enterprise) and GCP.
Rust
Windows / IIS
- Crypt::LE (previously ZeroSSL project)
- win-acme (.NET)
- Posh-ACME (PowerShell)
- Certes
- ACME-PS (PowerShell)
- kelunik/acme-client (PHP)
- Certify The Web (Windows)
- WinCertes Windows client
- GetCert2 (simple GUI - .Net, C#, WPF, WCF)
- TekCERT (GUI, CLI)
Server
- Certera (Crossplatform PKI to centrally manage keys and certificates)
库
4D
- acme component ACME Client v2 for 4D v18+
C++
- acme-lw
- esp32-acme-client allows IoT devices to get certificates
D
Delphi
- DelphiACME (Embarcadero Delphi)
Go
- Lego
- acmetool
- eggsampler/acme
- ACMEz
- certmanager (Supports certificate sharing across instances/pods and split-horizon DNS with acme-proxy)
Java
.NET
- Certes (.NET Standard)
- PKISharp/ACMESharpCore (.NET Standard)
Node.js
Perl
- acme (Simple json config, autogen keys, issue cert, refresh cert, apache/nginx integration)
- Crypt::LE
- Net::ACME2
- wdfcert.sh (Only supports DNS-01 challenges and ECDSA-384 bit keys for both accounts and certificates, native Joker DNS support including wildcard plus roor domain support for single-TXT-record DNS providers)
PHP
- kelunik/acme
- ACMECert PHP library
- LEClient PHP library
- le-acme2-php library
- stonemax/acme2 PHP client
- Acme PHP Library
Python
Ruby
Rust
集成了 Let’s Encrypt 的项目
- Aegir
- Aerys
- Apache HTTP Server
- ApisCP
- Caddy
- CentminMod LEMP Stack
- Certhub
- Cloudfleet
- Cloudron
- cPanel
- Froxlor Server Management Panel
- Gitlab
- ISPConfig
- LiveConfig Hosting Control Panel
- Mail-in-a-Box
- Own-Mailbox
- pfSense
- Plesk Web Hosting Control Panel
- Ponzu CMS
- ruxy
- SWAG - Secure Web Application Gateway
- Synchronet BBS System
- Vesta Control Panel
- Virtualmin Web Hosting Control Panel
- WildFly Application Server
- Zappa
- Proxmox Virtual Environment
添加客户端/项目
如果您知道在以上列表中没有列出的 ACME 客户端或集成了 Let’s Encrypt 的项目,您可以在我们网站的 GitHub 代码仓库中更新 data/clients.json 文件并提交拉取请求(Pull Request)。
在提交拉取请求之前,请确保:
- 该客户端尊重 Let’s Encrypt 商标政策。
- 该客户端不是基于浏览器使用的,并且支持自动续期。
- 该客户端的自动续期时间点是随机的,或鼓励按这种方式配置。
- 您的提交把该软件加至相关列表的末尾(如果该软件支持 ACMEv2 协议,请不要忘记添加“acme_v2”)。
- 您的提交更新了
clients.json顶部的lastmod日期戳。