npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@ironblood/certcli

v1.0.0

Published

An interactive CLI for requesting HTTPS certificates from Let's Encrypt using the ACME protocol

Downloads

7

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ironbloodironblood

Keywords

cliletsencryptacmecertificatescertificate requestcsr

Readme

certcli

This CLI tool is inspired by gethttpsforfree. If you're not familiar with that project, or if you don't know how to generate certificate signing requests (CSRs), probably you should use the official Let's Encrypt client instead, which can automatically issue and install HTTPS certificates for you.

This CLI is designed for people who know what they are doing and just want to get their HTTPS certificates more easily.

  • Sends ACME requests directly to Let's Encrypt (your private keys are NEVER sent anywhere).
  • Uses openssl to perform signing and key operations, make sure it's installed and in your $PATH.
  • Eliminates the need to manually copy-paste commands and signatures between your browser and terminal.
  • Supports both standard and wildcard domain names (e.g. example.com, *.example.com).
  • Prompts you only when necessary, such as:
    • Accepting the Terms of Service
    • Placing challenge files or DNS TXT records

Warning This is NOT a certbot-style fully automated tool.

It does NOT handle web server reconfiguration, restarts, or renewals.

Instead, it walks you through each step of the ACME flow in the terminal, ideal for users who want a transparent, hands-on process with fewer manual copy-paste steps.

Installation

Install globally via npm:

npm install -g @ironblood/certcli

Develop locally:

npm install
npm run build
npm link

If you make changes and rebuild, remember to mark the CLI entry as executable if you're on a *nix system:

chmod +x dist/cli.js

Usage

If you've created the files account.put, account.key, and domain.csr, you can run the CLI:

certcli \
  -p /path/to/account.pub \
  -k /path/to/account.key \
  -s /path/to/domain.csr  \
  -e [email protected]     \
  -c /path/to/domain.crt

You can set the environment variable https_proxy or HTTPS_PROXY to use a proxy server.

CLI options:

$ certcli -h
Usage: certcli [options]

Options:
      --version    Show version number                                 [boolean]
  -k, --priv_key   Path to your account private key          [string] [required]
  -p, --pub_key    Path to your account public key           [string] [required]
  -s, --csr        Path to the certificate signing request   [string] [required]
  -e, --email      Contact email                             [string] [required]
  -c, --cert_file  Path to save the certificate file                    [string]
  -d, --dry_run    Perform a dry run                                     [count]
  -h, --help       Show help                                           [boolean]

Examples:
  certcli -k account.key -p account.pub -s  Get a certificate and save to
  domain.csr -e [email protected] -c         `domain.crt`
  domain.crt
  https_proxy=http://localhost:8080         Using a HTTP proxy if the
  certcli ...                               connectivity to Let's Encrypt API is
                                            not stable

If you don't have the required files yet, here's how to create them:

# Generate an account private key if you don't have one.
# KEEP ACCOUNT.KEY SECRET!
openssl genrsa 4096 > account.key

# Generate the matching public key.
openssl rsa -in account.key -pubout > account.pub

# Generate a TLS private key (used by your web server) if you don't have one.
# KEEP YOUR TLS PRIVATE KEY SECRET, anyone who has it can man-in-the-middle your website.
openssl genrsa 4096 > domain.key

# Generate a CSR (certificate signing request) for the domains you want certs for.
# Replace `foo.com` with your domain. You can include multiple domains.
openssl req -new -sha256 -key domain.key -subj "/" \
  -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
  <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com"))

Privacy

This CLI only communicates with letsencrypt.org, it starts by retrieving the ACME directory from the following hardcoded URL:

https://acme-v02.api.letsencrypt.org/directory

All subsequent request URLs are dynamically discovered through that directory, following the ACME protocol. All HTTP activity is encapsulated in lib.ts.

Your private key is never sent anywhere, it is only passed to openssl locally for signing operations.

Dependencies:

  • chalk - colorful terminal output
  • node-forge - CSR parsing to extract domains names
  • ora - elegant terminal spinner
  • undici - modern HTTP/1.1 client
  • yargs - command-line argument parsing

Unlike gethttpsforfree, this CLI does not use @lapo/asn1js.