This guide provides a quick setup for requesting a TLS certificate with acmed. First, we generate our private key: cpu% ramfs -p cpu% cd /tmp cpu% auth/rsagen -t 'service=acme role=sign hash=sha256 acct=username@example.com' > username@example.com.key Next, we generate the public key, formatted as a JSON Web Key: cpu% auth/rsa2jwk username@example.com.key > /sys/lib/tls/acmed/username@example.com.pub We store our private key into secstore, then factotum: cpu% auth/secstore -g factotum secstore password: cpu% cat username@example.com.key >> factotum cpu% auth/secstore -v -p factotum secstore password: cpu% read -m factotum > /mnt/factotum/ctl We next generate a private key for the host, and set the proper file permissions, and copy it into /sys/lib/tls/acmed/: cpu% auth/rsagen -t 'service=tls owner=*' > example.com.key cpu% chmod 600 username@example.com.key example.com.key cpu% cp username@example.com.key example.com.key /sys/lib/tls/acmed/ We generate a certificate signing request, then create the .well-known/acme-challenge directory, then pass the CSR to acmed: cpu% auth/rsa2csr 'CN=example.com' /sys/lib/tls/acmed/example.com.key >/sys/lib/tls/acmed/example.com.csr cpu% mkdir -p /usr/$user/www/example.com/.well-known/acme-challenge cpu% webfs; auth/acmed -t http -o /usr/$user/www/example.com/.well-known/acme-challenge username@example.com /sys/lib/tls/acmed/example.com.csr >/sys/lib/tls/acmed/example.com.crt If all went well, you should find the certificate in /sys/lib/tls/acmed/example.com.crt