diafygi/acme-tiny

acme-tiny is a small Python script, under 200 lines, that gets a free HTTPS certificate from Let's Encrypt and renews it automatically. Let's Encrypt is a free certificate authority that lets website owners prove they control a domain and receive a certificate that browsers trust. The script handles that proof-and-issuance process without requiring a large software installation. The way it works is roughly: you generate a private key for your account and a separate private key for your domain, create a certificate request file, configure your web server to serve a small verification file that Let's Encrypt will check, run the script, and it returns a signed certificate you install in your web server settings. The README walks through each of those six steps with example commands for the terminal. Because the script runs on your server and has access to your private account key, the author explicitly recommends reading the source code before trusting it with those credentials. The entire script being under 200 lines makes that audit realistic for anyone comfortable reading Python. Let's Encrypt certificates expire every 90 days. To handle renewals without manual work, the README shows how to set up a scheduled task that runs the script once a month and automatically reloads the web server afterward. The project has no dependencies beyond Python itself and the openssl command-line tool, which is already present on most Linux servers. It is aimed at developers and server administrators who want a minimal, transparent tool rather than a full certificate management client. The README notes that if you are not comfortable with concepts like private keys and certificate signing requests, the official Let's Encrypt client may be a better fit.