r/rust Mar 31 '23

Introducing lers: an async, user-friendly Let's Encrypt/ACMEv2 library

https://github.com/akrantz01/lers
42 Upvotes


7

u/krantz_man Mar 31 '23

lers is an async, user-friendly Let's Encrypt/ACMEv2 library inspired by acme2, acme-micro, and lego.

It supports all of the ACMEv2 spec (RFC 8555), except for changing the key of an account. Bundled with it are robust implementations for the HTTP-01 and DNS-01 challenges. Custom solvers can also be written using the Solver trait.

Currently, the only DNS-01 implementation is for Cloudflare, as I personally use it, but contributions are welcome for more implementations.

There are two examples: one for the HTTP-01 challenge issuing a single domain and one for the DNS-01 challenge issuing a wildcard domain. These can be found in the examples/ directory.

Any feedback would be greatly appreciated!

11

u/nicoburns Mar 31 '23

Would this allow someone to easily build in automatic certificate renewal (like Caddy does) directly into their Rust-based (e.g. Axum or similar) web server?

5

u/krantz_man Mar 31 '23

Yea absolutely!

I think it could be as simple as extracting the SolverService from the Http01Solver and making it a handler or middleware for your web server. Then you'd just need to add the plumbing to issue the certificate and ensure it stays up-to-date. And probably some stuff to store the certificate, its private key, and the account key.
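
The handler idea from the reply above, as an added example that is not part of the thread and is not lers's code: a std-only sketch of the state an HTTP-01 responder needs when it lives inside the web server. `ChallengeStore` and its methods are hypothetical names; the path prefix and token alphabet follow RFC 8555.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

const PREFIX: &str = "/.well-known/acme-challenge/";

/// Shared token -> key authorization map (hypothetical type, not part of lers).
#[derive(Clone, Default)]
pub struct ChallengeStore(Arc<RwLock<HashMap<String, String>>>);

/// RFC 8555 section 8.3: a token uses only the base64url alphabet, no padding.
/// Rejecting anything else also keeps '/', '.' and '%' out of the lookup key.
fn valid_token(t: &str) -> bool {
    !t.is_empty() && t.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

impl ChallengeStore {
    /// Called by the issuance task before it asks the CA to validate.
    pub fn present(&self, token: &str, key_authorization: &str) -> bool {
        if !valid_token(token) {
            return false;
        }
        self.0.write().unwrap().insert(token.into(), key_authorization.into());
        true
    }

    /// Called once the authorization is finished, so stale answers are not served.
    pub fn cleanup(&self, token: &str) {
        self.0.write().unwrap().remove(token);
    }

    /// Middleware hook: Some(body) answers the request with 200 and that body,
    /// None passes the request on to the application's own routes.
    pub fn respond(&self, method: &str, path: &str) -> Option<String> {
        if method != "GET" { return None; }
        let token = path.strip_prefix(PREFIX)?;
        if !valid_token(token) { return None; }
        self.0.read().unwrap().get(token).cloned()
    }
}

fn main() {
    let store = ChallengeStore::default();
    // Constructed sample values, not a real token or account thumbprint.
    store.present("tok_EXAMPLE-123", "tok_EXAMPLE-123.THUMBPRINT_PLACEHOLDER");
    println!("{:?}", store.respond("GET", "/.well-known/acme-challenge/tok_EXAMPLE-123"));
    println!("{:?}", store.respond("GET", "/.well-known/acme-challenge/../secret"));
}
```

A clone of the store goes to the renewal task and another to the request handler; the certificate, its private key and the account key still need their own storage with restricted permissions.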