Let’s Encrypt is a new certificate authority backedby Mozilla, Akamai, EFF, Facebook and others, which provides free, automatedSSL/TLS certificates. The public beta started on December 3, 2015 and a whole lot of certificates have been issued already:
Several clients to automate issuing, renewing and revoking certificates have been released both by the community and the Let’s Encrypt team. This post is an overview and comparison of 10 popular Let’s Encrypt clients:
Acme.sh is a simple, powerful and easy to use ACME protocol client written purely in Shell (Unix shell) language, compatible with b ash, dash, and sh shells. It helps manage installation, renewal, revocation of SSL certificates. It supports ACME version 1 and ACME version 2 protocols, as well as ACME v2 wildcard certificates. SFTPPlus provides on-premise server and client cross platform solutions for encrypted managed file transfer using SFTP/FTPS/HTTPS protocols. Enterprise secure data transfer with additional audit and automation for regulatory & corporate compliance across multi platforms including Windows, Linux and macOS.
- letsencrypt-auto, the official Let’s Encrypt client
- acme-tiny, a tiny semi-automatic Python implementation
- gethttpsforfree.com, a static website to assist the manual process
- simp_le, another Python implementation
- letsencrypt-nosudo, the predecessor of acme-tiny and gethttpsforfree
- acmetool, an ACME client in Go
- lego, an ACME client and library written in Go
- letsencrypt.sh, a Bash ACME client implemenation
- acme, ACME implementation in PHP
- lescript, a PHP library
SSL.com customers can now use the popular ACME protocol to request and revoke SSL/TLS certificates. ACME (Automated Certificate Management Environment) is a standard protocol for automated domain validation and installation of X.509 certificates, documented in IETF RFC 8555. As a well-documented standard with many open-source client. The two primary ways of getting Emacs onto your Mac are by either downloading it from Emacs For MacOS X or by installing it through homebrew using brew cask install emacs. I prefer the homebrew method as it automatically adds emacs and emacsclient to your $PATH. Using it from the command line is a breeze. I have this alias in my.bashrc. See full list on docs.microsoft.com.
ACME
The Automated Certificate Management Environment (ACME)protocol defines a way of automatically obtaining trusted certificateswithout human intervention. First, the control of a domain has to be proven,then the agent can request, renew and revoke certificates:
Certificates issued by Let’s Encrypt are valid for 90 days, and are expected to be renewed automatically. More background information can be found on the Let’s Encrypt - How It Works page.
At the time of writing, these rate limits has been in place:
- 10 Registrations per IP per 3 hours
- 5 Certificates per Domain per 7 days (incl. subdomains)
SSL Certificates & Signing
Obtaining a valid SSL certificate generally includes the following steps:
- You create a private and public key pair on the server.
- You create a Certificate Signing Request (CSR) which includes the domain name, organization name, the public key, and other information. The CSR is signed with your private key.
- You send the CSR to the certificate authority (in this case Let’s Encrypt).
- The certificate authority signs the request, thus producing a public certificate.
- You use the public certificate in your webserver.
For more information on configuring a webserver with certificates, check out these links:
- cipherli.st - Example configuration for Apache, nginx and Lighttpd
These tests are going to obtain a certificate for a domain such as www.example.com
and setting up automatic certificate renewal.
Domain ownership verification requires the ACME server being able to access a specific fileon the domain. To accomplish this, we assume a webserver is running and servesfiles from /var/www/htdocs/
(the webroot) and it’s subdirectories. For instance, a file at /var/www/htdocs/.well-known/acme-challenge/8303
should be accessible via www.example.com/.well-known/acme-challenge/8303
.
Official Let’s Encrypt Client
- github.com/letsencrypt/letsencrypt
- 4,355 commits, 131 contributors
- Mode: Automatic / Interactive / Manual
- License: Apache 2.0
- Language: Python
- Lines of code: 8,612 (core), ~16,000 (total)
- Dependencies: many
The official Let’s Encrypt client, letsencrypt-auto
, isa heavyweight, fully automated Python program with various modes of operation and installers (for instance to automagically update Apache and nginx configurations).
The standard client automatically installs various system dependencies via the standard package manager (see the source code and /bootstrap/), and sets up a virtualenv witha number of Python dependencies. The client is also available as a Docker image,which avoids the necessity to install packages system-wide.
In case of an error (eg. the ACME server is not reachable), the official client gracefully terminates with an info message.
The official Let’s Encrypt client also supports config files, which may beeasier to automate with a cronjob (see this postfor more infos).
- Official client, active community
- Well documented, and well tested
- Can do a lot of things, including server configs (experimental!)
- Accessible for non-technical users
- Complex program, many moving parts, hard to review
- Runs as root and installs dependencies without asking
Standard Installation
Obtaining a certificate
To obtain a certificate without stopping a running webserver, we are going to use the webroot method, whichonly requires write access for the webroot to save the authentication file.
This command creates the private and public keys, generate a certificate signing request, get the challenge from the ACME server, saves it to the webroot, and downloads the signed certificate in /etc/letsencrypt/live/example.com/
. The processis fully automated and results in the certificate and private key, ready to be used by your webserver.
Alternatively the offial Let’s Encrypt client includes a manual plugin, whichcan generate a certificate from another computer than the webserver(akin to gethttpsforfree.com or letsencrypt-nosudo).You can run this plugin with the command ./letsencrypt-auto certonly --manual
.
Renewal
To renew certificates automatically, simply add the --renew
parameter to the above command:
acme-tiny
- github.com/diafygi/acme-tiny
- 55 commits, 11 contributors
- Mode: Automatic / Semi-Automatic
- License: MIT
- Language: Python
- Lines of code: ~200
- Dependencies: None
Acme-tiny is a tiny Python script which assists with issuing and renewing certificates. You generatethe private key and create a certificate signing request (CSR) manually, and acme-tiny
handles the rest (submitting the CSRto the ACME server, receiving the authentication files, putting it in the acme-challenge folder and receiving the final certificate). The output of this script is the signed certificate.
- Documentation (in the README)
- Super simple, no dependencies
- Easy to embed in custom Python application
Installation
Obtaining a certificate
At this point chained.pem
contains the signed certificate chain and, along with domain.key
, can be used to run a http server(more infos).
Renewal simply requires running this script again with the same parameters.
gethttpsforfree.com
- github.com/diafygi/gethttpsforfree
- 70 commits, 10 contributors
- Mode: Semi-Manual
- License: MIT
- Language: HTML & JavaScript
- Lines of code: 1228 JS, 443 HTML
gethttpsforfree.com is a website which helps users to manually generate all the necessary information to create a certificate signing request (CSR), guiding a user through the whole ACME process:
- Manually create a public and private key.
- Manually create a certificate signing request (CSR).
- Manually sign a number of requests with the private key.
- Manually verify ownership by serving the signed requests (either through an existing webserver or a simple Python webserver).
- The website tells the ACME server to check for the verifications, and in case of success provides you with the signed certificate.
The website provides OpenSSL commands at each step, and waits for the output of the commands to be pasted back into the website to verify the success. The website never asks for any kind of private key. It can be saved and used locally without any server side logic.
- Works as advertised
- Static site allows to save and use later
simp_le
- github.com/kuba/simp_le
- 112 commits, 9 contributors
- Mode: Fully or Semi-Automatic
- License: GPLv3
- Language: Python
- Lines of code: 775 Python, 126 Shell Script, 41 YAML
- Dependencies: Some
simp_le
is an ACME client written in Python. It works similar to acme-tiny
, but canalso generate the private key and CSR automatically. Requires a small number of dependencies to be installed.
Installation
Obtaining a certificate
On success, this command produces 4 files: account_key.json
, cert.pem
, fullchain.pem
and key.pem
,which can be used from your webserver’s SSL configuration (see here for an example integration in Apache).
Renewal works by using the same command.
Exit codes:
- 0 if certificate data was created or updated;
- 1 if renewal not necessary;
- 2 in case of errors.
letsencrypt-nosudo
- github.com/diafygi/letsencrypt-nosudo
- 45 commits, 5 contributors
- Mode: Manual (assisted)
- License: AGPL
- Language: Python
- Lines of code: 400
- Dependencies: None
This program is a predecessor of acme-tiny and functionally equivalent to gethttpsforfree.com (made by the same author). The script guides you through the whole process and ask you do run all the necessary commands in the terminal.
You generate a private key and certificate signing request (CSR), then run sign_csr.py
to get the signed certificate. The script goes through the ACME protocol with the Let’s Encrypt certificate authority and outputs the signed certificate to stdout.
Installation
Obtaining a certificate
acmetool
- github.com/hlandau/acme
- 103 commits, 1 contributors
- Mode: Automatic / Interactive
- License: MIT
- Language: Go
- Lines of code: ~6,000
- Dependencies: None (Binary Release)
acmetool
is an ACME client written in Go, supporting automatic domain verification with webroot and standalone methods as well as an interactive wizard. acmetool stores credentials and certificates at /var/lib/acme/live/HOSTNAME/{cert,chain,fullchain,privkey}
by default and includes support to import certificates from the official client.
acmetool furthermore provides a reconcile
option which makes sure all desired hostnameshave valid certificates which don’t expire soon.
Installation
You can either get a binary release, or build from source as described in the Readme:
Obtaining a certificate
You need to set the webroot to /var/run/acme/acme-challenge
as describedin the docs, or use the proxy method. The command acmetool want
tries all available methods.
lego
- github.com/xenolf/lego
- 162 commits, 4 contributors
- Mode: Automatic
- License: MIT
- Language: Go
- Lines of code: ~2,000
- Dependencies: None (Binary Release)
Lego is an ACME library and standalone application written in Go. It can be downloaded asa binary release or build by yourself.
Running the standalone version requires the permission to bind to port 80 and 443,which conflicts with a webserver which is already running.
Installation
Obtaining a certificate
letsencrypt.sh
- github.com/lukas2511/letsencrypt.sh
- 111 commits, 6 contributors
- Mode: Automatic
- License: Unspecified
- Language: Shell Script (Bash)
- Lines of code: ~600 (Bash)
- Dependencies: None / OpenSSL, curl, sed
Installation
Obtaining a certificate
Create a file called domains.txt
which contains the domains and subdomains you want togenerate certificates for:
This requests two certificates, for example.com and example.net. The other domains in the corresponding line are their alternative names.
letsencrypt.sh
writes the challenge files by default into the directory '${SCRIPTDIR}/.acme-challenges'
. To adjust this to your webroot, you need to create a config file (config.sh
) with another $WELLKNOWN
path (see config.sh.example):
Then simply run letsencrypt.sh
(⇾ show output).
acme-client
- github.com/kelunik/acme-client
- 3 commits, 1 contributors
- Mode: Automatic
- License: MIT
- Language: PHP (7)
- Lines of code: ~400
- Dependencies: Few
acme-client
is an ACME client written in PHP, built on top of the acme PHP library by the same author.
It requires PHP 7 and composer to install it’s dependencies.
Installation
Obtaining a certificate
lescript
- github.com/analogic/lescript
- 3 commits, 1 contributors
- Mode: Automatic
- License: BSD
- Language: PHP
- Lines of code: ~450
- Dependencies: PHP 5.4.8+ with OpenSSL and curl extension
lescript
is a very simplistic PHP ACME client library, with an example CLI wrapper.
Installation
Obtaining a certificate
Use the library as shown in _example.php.
Client | User Mode | Deps. | Language | LOC | License | Capabilities | Domain Authentication |
---|---|---|---|---|---|---|---|
Official Let's Encrypt Client (Docs) | Automatic / Interactive / Manual | Many | Python | ~8.600 | Apache 2.0 | Issue, Renew, Revoke, Server Config | Webroot, Standalone, Manual |
acme-tiny | Automatic / Semi-Automatic | None | Python | ~200 | MIT | Issue, Renew | Webroot |
gethttpsforfree .com (Source) | Semi-Manual | None | HTML/JS | ~1200 | MIT | Issue, Renew | Webroot |
simp_le | Automatic / Semi-Automatic | Some | Python | ~800 | GPLv3 | Issue, Renew, Revoke | Webroot |
letsencrypt-nosudo | Manual (assisted) | None | Python | ~400 | AGPL | Issue, Renew, Revoke | Standalone |
acmetool | Automatic / Interactive | None | Go | ~6,000 | MIT | Issue, Renew | Webroot, Standalone |
lego | Automatic | None | Go | ~2,000 | MIT | Issue, Renew, Revoke | Standalone |
letsencrypt.sh | Automatic | None | Bash | ~600 | ? | Issue, Renew, Revoke | Webroot |
acme-client | Semi-Automatic | Some (incl. PHP 7) | PHP | ~400 | MIT | Issue, Renew, Revoke | Webroot |
lescript | Semi-Automatic | None | PHP | ~450 | BSD | Issue, Renew | Webroot |
If you have suggestions or feedback, please let me know via @metachris.
Get AnyDesk for macOSNo email, registration or installation required!
Access and edit data and settings on remote computers or servers with AnyDesk remote desktop for Mac. Enjoy seamless connectivity and a simple set-up. Offer remote support to your customers. Whether connecting to other Mac based systems, or desktops running Windows or Linux, you can count on AnyDesk’s stable operation and cross-compatibility.
AnyDesk for Mac provides the features and tools you need to connect with desktops or servers in any location. Our remote desktop app ensures a stable, secure, and super-fast connection. It can be individually tailored to your specific operations, thanks to flexible license models. Set up is quick and simple.
Stable and Secure – The AnyDesk Remote Desktop for macOS
The macOS desktop client from AnyDesk brings high frame rates and low latency, amounting to reliable stability and breathtaking speed. AnyDesk’s proprietary DeskRT codec compresses and transfers image data efficiently without loss of quality and ensures near-instant response times.drop support:
Address book supports moving and copying items via drag'n'drop. Create desktop shortcuts for AnyDesk sessions via drag'n'drop
'Auto-adapt Resolution' option in Display menu is now supported.
AnyDesk doesn't light up the remote screen when only 'File Manager' feature is used.
Privacy feature availability is now properly reported for older macOS versions.
Error which prevented some customers from accessing Address Book is fixed. Error which prevented some customers from accessing Address Book is fixed.
12 Nov 2020
- Support for new macOS:
Added support for new macOS 11 Big Sur. - Support for new hardware:
Added support for new Apple Silicon hardware. - File manager layout bug:
Fixed issue with File Manager UI layut under certain situations. - Fixes:
Fixed couple of small bugs.
7 Oct 2020
- Session recording:
Separated settings for incoming and outgoing automatic session recording. - Security improvement:
Security improved for configurations with AnyDesk service installed. - Remote mouse cursor shape:
Fixed bug when remote mouse cursor has a wrong shape when using specific applications.
22 Sep 2020
- Important - end of support for macOS 10.10 (Yosemite):
Version 6.0.2 is the last to support macOS 10.10 (Yosemite). We strongly recommend upgrading to newer macOS version in order to receive further AnyDesk updates. - Settings improvement:
Improved Settings for Interactive access. - User interface fixes:
Fixed menu actions for File Transfer and VPN sessions. Main window startup position issue fixed. Main window startup position issue fixed. - Screen recording permissions:
Fixed Screen Recording permission detection for Chinese users.
26 Aug 2020
- Improved iOS support:
Support for improved connections to iOS devices. - Speed dial bugfix:
Fixed disabled context menu on Speed Dial items.
6 Aug 2020
- Two-Factor Authentication:
When enabled, an additional dialog will be shown after authentication by password or token, requesting a time-based one-time password provided by a third device. This feature requires an app supporting TOTP.. - Wake-on-Lan:
When enabled, devices running AnyDesk that are currently in sleep mode can be woken up by other AnyDesk devices in the same local network. - Speed dial improvement:
Hide individual item groups in Speed Dial. - Keyboard layout:
Fixed bug when keyboard layout does not match to input into Unattended Access password dialog. - Speed dial bugfix:
Fixed issue which prevented renaming of Speed Dial items. - Incorrect online state:
Fixed issue when sleeping mac reported incorrect online state. - Important - support for macOS 10.10 (Yosemite):
We plan to discontinue macOS 10.10 (Yosemite) support soon. We strongly recommend upgrading to newer macOS version.
17 Jul 2020
- VPN connection:
With this mode two PCs can be put into a private network over a secured connection. - Support for 2FA:
Added support for connecting to Two-factor authentication enabled hosts. - TCP tunnel automated action:
Run user script when TCP tunnel is connected. - Installation procedure:
Drag'n'drop to Applications folder installation method is offered by default now (legacy install method is still supported). - New menu option:
Install Anydesk Service menu option added. - Support for macOS Big Sur beta:
Fixed application crash on macOS Big Sur beta. - Fixes:
Fixed couple of small bugs.
15 Jun 2020
- Bugfix:
Fixed software update notification.
10 Jun 2020
- Address Book view mode:
Thumbnail view mode has been added to Address Book. - Split Full Screen experience:
Split Full Screen experience enabled for Connection Window and Address Book. - Automatic startup:
Option to disable automatic startup of AnyDesk has been added. - Compatibility with mobile devices:
Keyboard input from mobile devices improved. - Connection type icon:
Connection type icon is now displayed correctly. - Fixes:
Fixed couple of small bugs.
7 May 2020
- Access Control List:
New feature Access Control List (or white list for incoming connections) is now available. - Multiple sessions:
Added support for multiple session windows. - Address Book:
Address Book improved for better usability. - Privacy permissions:
Improved macOS privacy permissions handling. - Compatibility:
Improved compatibility with 3rd party software. - Fixes:
Fixed couple of small bugs.
21 Apr 2020
- Crash bugfix:
Fixed a crash when user account picture is not set.
17 Apr 2020
- TCP Tunnels:
New TCP Tunneling (or Port-Forwrding) feature added. - Address Book new design:
Address Book has been completely redesigned for easier usage. - Start/Stop of session recording:
It is now possible to start/stop recording during the active session. - New information windows:
Added new System Information window and redesigned the About window. - Discovery feature security:
Significantly improved security of Discovery feature. - Accept window security:
Significantly improved security of Accept window. - Power usage improvement:
Optimised power usage for mac laptops. - Improved mouse scrolling:
Mouse scroll sensitivity adjusted. - Remote restart:
Fixed remote restart issue on some configurations. - UI bug fixes:
Fixed Password change UI for unattended access. Fixed Proxy configuration settings UI.
2 Apr 2020
- Error handling:
Improved error handling. - Privacy permissions:
Better macOS privacy permissions handling.
7 Feb 2020
- Enhanced usability:
Host key option allows users to use Right Command key to control the local macOS while connected to remote device. - Improved compatibility with Android devices:
Added support for Home and Back buttons when connected to Android device. - Installer improvement:
Reduced number of user password requests in AnyDesk installer. - AnyDesk remote update:
Fixed issue when user is not able to reconnect after updating AnyDesk remotely. - Custom Client on Yosemite:
Fixed crash on macOS 10.10 Yosemite related to custom AnyDesk configurations. - Fixes:
Fixed couple of small bugs.
14 Jan 2020
- File manager:
File Manager upload function fixed. - Reconnect after AnyDesk update:
Fixed issue when user unable to reconnect after installing AnyDesk update. - Connection retry attempt:
Fixed crash on multiple connection retry attempt. - Keyboard input:
Improved keyboard input handling. - Fixes:
Fixed couple of small bugs.
11 Dec 2019
- Accept window minimize:
It is now possible to minimize the Accept window into the Dock. - Installation process:
Installation process has been improved. - Recent sessions list:
Fixed display of client name in recent sessions list. - Remove displays:
Fixed indicator of remote displays. - Chat:
Fixed crash on incoming chat message. - Fixes:
Fixed couple of small bugs.
4 Dec 2019
- New Privacy feature:
Enabling privacy mode during a session will turn off the monitor on the remote side so the screen content is hidden. - Blocking user input:
Mouse and keyboard input can now blocked for the computer being controlled. - Automatic screen lock:
New option to automatically lock remote screen when session ended. - Fixes:
Fixed couple of small bugs.
18 Nov 2019
- Fixes:
Fixed couple of small bugs.
5 Nov 2019
- Fixes:
Fixed couple of small bugs.
21 Oct 2019
- New features:
Incoming connections are now displayed in the AnyDesk Dock icon - Bugfix:
Fixed issue when user is unable to reconnect to macOS Catalina and Mojave after remote restart. - Fixes:
Fixed couple of small bugs.
10 Oct 2019
- Fixes:
Fixed update function in new version notification and minor bugfixes.
8 Oct 2019
- Fixes:
Fixed crash on macOS 10.15 Catalina for remove keyboard input.
Acme Client For Macos 7
8 Oct 2019
- New features:
Added Discovery feature and better support for macOS 10.15 Catalina - Fixes:
Minor bugfixes
6 Jun 2019
- Redesign:
New user interface design. - Fixes:
Minor bugfixes.
12 Oct 2018
- File manager:
File Manager now available on macOS. - Screenshots:
Screenshots are now stored to the Desktop. - Speed Dial items:
Solved loss of Speed Dial items issue.
13 Jul 2018
- Enhanced Usability:
Implemented custom context menu for AnyDesk ID (claim alias, show alias/show id, copy address). - Claim Alias now available:
Implemented claim alias feature for macOS, users can now choose an alias. - Keyboard Usability:
During a session, the hotkeys of macOS are disabled locally so they can be transmitted to the remote side. - Incoming file manager session refreshes:
Folder content was not refreshed on the remote side on copying files. The file manager view now refreshes automatically. - Compatibility for file manager session:
Incoming file transfer sessions did not allow to change directory to folders containing a space character. - Usability:
Select and Copy using Command+C now works on the AnyDesk ID. - Keep session alive:
AnyDesk now prevents macOS from going to sleep mode when there is an active session. - Request elevation improved:
Fixed an issue in the request elevation feature.
14 Jun 2018
- Fixed Bug:
In some cases, the installation did not work at the first attempt. This should now always succeed on the first entry of the admin password. - Fixed Bug:
The clipoard did not work when connecting to macOS. The clipboard should now work in any case, including clipboard file transfer. Please click the file button at the top of the AnyDesk window in order to receive files from the clipboard on macOS. - Fixed Bug:
Improved stability. - Fixed Bug:
Removed the warning that the file is downloaded from the internet.
11 Apr 2018
- Address Book:
The macOS version now supports your license’s shared address books. - Session recording and playback:
Implemented recording and playback of sessions. - Connect to the login screen:
The macOS version also runs as a service and supports connections to the login screen, full unattended access, and user switching.
By downloading and using AnyDesk, you accept our license agreement and our privacy statement.
Acme Client For Macos X
Please consider taking our survey to help us make AnyDesk even better!
Cached
If the download does not start automatically, please click the Download link below.