acme-tiny is a minimal ACME client implemented as a single-file Python script that automates obtaining and renewing SSL/TLS certificates from a Certificate Authority using the Automated Certificate Management Environment (ACME) protocol. It relies on OpenSSL command-line tools for key generation and certificate signing request creation, and uses file-based HTTP validation to verify domain ownership by placing a token file on the web server. Designed for fully automated certificate lifecycle management, acme-tiny is intended to be executed periodically by a system scheduler like cron, checking certificate expiry and re-requesting certificates only when needed.
Its architecture is deliberately minimalist: a single Python script with no external dependencies beyond the standard library, a simple text file for configuration, and polling-based authorization wait. This design makes it straightforward to deploy, audit, and integrate into shell-based automation workflows without complex YAML or JSON configurations.
The tool handles automatic certificate renewal, provisioning certificates from a public CA such as Let's Encrypt, and ensures HTTPS certificates never expire by scheduling renewal checks. It functions as a lightweight ACME client suitable for resource-constrained or minimal systems.
As a single-file script, acme-tiny requires no installation process beyond downloading the file and ensuring Python 3 and OpenSSL are available.
