This directory contains example config files that simulate certificate profiles used by Let's Encrypt for various key ceremonies in detail. The primary goal is to gather feedback prior to upcoming key ceremonies. The repository will also serve as a historical marker of past ceremonies detailing the evolution of the Let's Encrypt chain of trust.
To see generated certificate output for the upcoming ceremony without needing to run this tooling, see the outputs folder.
To try it out:
-
Install the
ceremonytool in your$PATH.go install https://github.com/letsencrypt/boulder/cmd/ceremony
-
Install SoftHSMv2.
sudo apt install softhsm2
-
Update the YAML files, if necessary, to reflect that path to your SoftHSMv2 install.
-
Execute the demo ceremony.
./reset.sh && ./run-all.sh -
If you're working on a specific branch of boulder making changes to the
ceremonytool and need to test an uncoming ceremony:export CEREMONY_BIN=/path/to/active/development/boulder/bin/ceremony ./run.sh