From d44f8a48a2f6bb6ee6c40e9d540b50b1eec69cad Mon Sep 17 00:00:00 2001
From: Matt Holt <mholt@users.noreply.github.com>
Date: Sat, 17 Oct 2015 15:02:52 -0600
Subject: [PATCH] Add bare-bones acme usage example

---
 README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)

diff --git a/README.md b/README.md
index 9ced1461..a5dc00af 100644
--- a/README.md
+++ b/README.md
@@ -47,3 +47,69 @@ GLOBAL OPTIONS:
    --help, -h                    show help
    --version, -v                 print the version
 ```
+
+
+#### ACME Library Usage
+
+A valid, but bare-bones example use of the acme package:
+
+```go
+// You'll need a user or account type that implements acme.User
+type MyUser struct {
+	Email        string
+	Registration *acme.RegistrationResource
+	key          *rsa.PrivateKey
+}
+func (u MyUser) GetEmail() string {
+	return u.Email
+}
+func (u MyUser) GetRegistration() *acme.RegistrationResource {
+	return u.Registration
+}
+func (u MyUser) GetPrivateKey() *rsa.PrivateKey {
+	return u.key
+}
+
+// Create a user. New accounts need an email and private key to start.
+privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
+if err != nil {
+	log.Fatal(err)
+}
+myUser := MyUser{
+	Email: "you@yours.com",
+	key: privateKey,
+}
+
+// A client facilitates communication with the CA server. This CA URL is
+// configured for a local dev instance of Boulder running in Docker in a VM.
+// We specify an optPort of 5001 because we aren't running as root and can't
+// bind a listener to port 443 (used later when we attempt to pass challenge).
+client := acme.NewClient("http://192.168.99.100:4000", &myUser, 2048, "5001")
+
+// New users will need to register; be sure to save it
+reg, err := client.Register()
+if err != nil {
+	log.Fatal(err)
+}
+myUser.Registration = reg
+
+// The client has a URL to the current Let's Encrypt Subscriber
+// Agreement. The user will need to agree to it.
+err = client.AgreeToTos()
+if err != nil {
+	log.Fatal(err)
+}
+
+// The acme library takes care of completing the challenges to obtain the certificate(s).
+// Of course, the hostnames must resolve to this machine or it will fail.
+certificates, err := client.ObtainCertificates([]string{"mydomain.com"})
+if err != nil {
+	log.Fatal(err)
+}
+
+// Each certificate comes back with the cert bytes, the bytes of the server's
+// private key, and a certificate URL. This is where you should save them to files!
+fmt.Printf("%#v\n", certificates)
+
+// ... all done.
+```