# diafygi/acme-tiny **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/diafygi-acme-tiny).** 4,781 stars · 575 forks · Python · mit ## Links - GitHub: https://github.com/diafygi/acme-tiny - awesome-repositories: https://awesome-repositories.com/repository/diafygi-acme-tiny.md ## Description acme-tiny is a minimal ACME client implemented as a single-file Python script that automates obtaining and renewing SSL/TLS certificates from a Certificate Authority using the Automated Certificate Management Environment (ACME) protocol. It relies on OpenSSL command-line tools for key generation and certificate signing request creation, and uses file-based HTTP validation to verify domain ownership by placing a token file on the web server. Designed for fully automated certificate lifecycle management, acme-tiny is intended to be executed periodically by a system scheduler like cron, checking certificate expiry and re-requesting certificates only when needed. Its architecture is deliberately minimalist: a single Python script with no external dependencies beyond the standard library, a simple text file for configuration, and polling-based authorization wait. This design makes it straightforward to deploy, audit, and integrate into shell-based automation workflows without complex YAML or JSON configurations. The tool handles automatic certificate renewal, provisioning certificates from a public CA such as Let's Encrypt, and ensures HTTPS certificates never expire by scheduling renewal checks. It functions as a lightweight ACME client suitable for resource-constrained or minimal systems. As a single-file script, acme-tiny requires no installation process beyond downloading the file and ensuring Python 3 and OpenSSL are available. ## Tags ### Security & Cryptography - [ACME Certificate Provisioners](https://awesome-repositories.com/f/security-cryptography/acme-certificate-provisioners.md) — Uses the ACME protocol to request and retrieve signed certificates from a public Certificate Authority. ([source](https://github.com/diafygi/acme-tiny#readme)) - [ACME Clients](https://awesome-repositories.com/f/security-cryptography/acme-clients.md) — Implements the ACME protocol to automatically obtain and renew SSL/TLS certificates from a CA. - [OpenSSL-Based Clients](https://awesome-repositories.com/f/security-cryptography/acme-clients/openssl-based-clients.md) — Relies on OpenSSL command-line tools for generating private keys and certificate signing requests. - [Certificate Renewal Managers](https://awesome-repositories.com/f/security-cryptography/certificate-renewal-managers.md) — Automatically checks certificate expiry and renews certificates before they expire. ([source](https://github.com/diafygi/acme-tiny#readme)) - [HTTP Validation Tools](https://awesome-repositories.com/f/security-cryptography/http-validation-tools.md) — Verifies domain ownership by placing a token file on the web server for the CA to fetch. - [OpenSSL-Driven CSR Tools](https://awesome-repositories.com/f/security-cryptography/openssl-driven-csr-tools.md) — Uses OpenSSL command-line tools for generating private keys and certificate signing requests. - [SSL Certificate Automation](https://awesome-repositories.com/f/security-cryptography/ssl-certificate-automation.md) — Automates the lifecycle of SSL/TLS certificates using the ACME protocol.