Automated SSL Certificate Distribution System (ASCEDS)
is a distribution system for certificates 
which can be obtained from a provider offering an ACME interface. 
The system defines a site containing:
* one certificate manager which can get SSL certificates for wilcard 
  hostnames in a set of domains through certbot;
* a set of managed clients getting automatic certificate renewal or
  reconfiguration of SANs; services using certificates are 
  reconfigured/restarted automatically upon renewal;
* a web interface handling certificates for managed or unmanaged
  clients.

ASCEDS was developed by Florin Manolache at Carnegie Mellon University 
for interfacing certbot with InCommon SSL certificates, 
and automatically distributing them to the servers on the network.
ASCEDS is released under GPLv2 or any later version.

Other contributors:
Jaime Hablutzel <hablutzel1@gmail.com> - code and docs patches ver 1.4.1

-------------------------------------------------

Quick start:

Case 1: On the certificate manager:
* install and configure dependencies: snap, certbot, apache2/httpd
* install asceds
* initialize the certificate manager: 
     asceds-certmanager-setup [-s <cert_manager>]
* configure the client (Case 2 below) using the root/sudo choice
* customize the website: 
  * edit the apache2/httpd site configuration file typically in
    /etc/apache2/sites-available/asceds.conf
  * decide on the authentication and add the right .htaccess
    (see examples in /usr/share/doc/asceds/examples/site-*)
  * edit the web php configuration in /usr/share/asceds/etc/config.php
    (see examples in /usr/share/doc/asceds/examples/php-etc)
  * enable the website on the webserver: e.g. a2ensite asceds
* add authorized users: asceds-web-user -a <username>

Case 2: On each managed client:
* install asceds (no need for snap or certbot)
* get info: certificate manager URL, root/sudo account access, 
            account on the web interface of the certificate manager
* prerequisites: client should be connected to the network,
            have DNS record, public IP address,
            and the domain should be served by the certificate manager
* connect to the certificate manager: asceds-init [-s <cert_manager>]
  (-n generates a new certificate); 
  when prompted, select the services using SSL certificates.

