Let's Encrypt Certificate Manager

[schoen]

We should have a Let's Encrypt Certificate Manager tool that helps users understand what keys and certs they currently have in /etc/letsencrypt (and the revocation/expiry/installation/autorenewal status of each of them), as well as initiating operations like

• enable/disable autorenewal
• adjust choice of installer to be used for autorenewal
• attempt to renew now
• attempt to revoke now
• import (non-LE-managed key and cert into the local LE cert store)
• export (obtain a copy of a key, cert, and chain for use elsewhere)
• purge (remove from LE management and attempt to securely delete key material)
• merge/split certs (by issuing new successor certs)

Some or all of these operations might also be available from the client using particular command-line options, but there should probably be a unified interactive interface to do them, which can be separate from the client.

I'm marking this as a 2.0 feature, but it would probably be good to have at least a rudimentary version for 1.0, or a cookbook explaining to sysadmins how to perform each of these tasks.

[schoen]

Other features (from my duplicate issue #408):

• rekeying a cert (obtaining a single successor cert with a different subject public key)
• adding or subtracting subject DNS names (obtaining a single successor cert with more or fewer or different subject names)

[bmw]

Currently, the best way to determine what certificates you have is to examine /etc/letsencrypt.A certificate manager would help this.