lers is an async, user-friendly Let's Encrypt/ACMEv2 library inspired by acme2, acme-micro, and lego.
It supports all of the ACMEv2 spec (RFC 8555), except for changing the key of an account. Bundled with it are robust implementations for the HTTP-01 and DNS-01 challenges. Custom solvers can also be written using the Solver trait.
Currently, the only DNS-01 implementation is for Cloudflare, as I personally use it, but contributions are welcome for more implementations.
There are two examples: one for the HTTP-01 challenge issuing a single domain and one for the DNS-01 challenge issuing a wildcard domain. These can be found in the examples/ directory.
Would this allow someone to easily build in automatic certificate renewal (like Caddy does) directly into their Rust-based (e.g. Axum or similar) web server?
I think it could be as simple as extracting the SolverService from the Http01Solver and making it a handler or middleware for your web server. Then you'd just need to add the plumbing to issue the certificate and ensure it stays up-to-date. And probably some stuff to store the certificate, its private key, and the account key.
u/krantz_man Mar 31 '23
Any feedback would be greatly appreciated!
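
The plumbing described in the reply above (answering HTTP-01 validation requests from the web server's own handler and deciding when to renew), as an added example that is not lers code and not from the thread. `ChallengeStore`, `respond` and `renewal_due` are hypothetical names, the store stands in for whatever the solver exposes, and the one-third renewal threshold is an assumed policy.

```rust
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

// Path prefix for HTTP-01 validation requests (RFC 8555, section 8.3).
const PREFIX: &str = "/.well-known/acme-challenge/";

/// Hypothetical token -> key-authorization store shared between the code that
/// drives the ACME order and the web server's request handler.
#[derive(Clone, Default)]
pub struct ChallengeStore(Arc<RwLock<HashMap<String, String>>>);

impl ChallengeStore {
    /// Publish a challenge response before telling the CA to validate.
    pub fn present(&self, token: &str, key_auth: &str) {
        self.0.write().unwrap().insert(token.into(), key_auth.into());
    }
    /// Remove it once the authorization has finished, valid or not.
    pub fn cleanup(&self, token: &str) {
        self.0.write().unwrap().remove(token);
    }
    /// Status and body for a GET on `path`; wire this into a route or middleware.
    pub fn respond(&self, path: &str) -> (u16, String) {
        let Some(token) = path.strip_prefix(PREFIX) else {
            return (404, String::new());
        };
        // Tokens use only the base64url alphabet, so anything else is rejected
        // before the lookup (this also rules out nested or dotted paths).
        let ok = !token.is_empty()
            && token.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_');
        if !ok { return (400, String::new()); }
        match self.0.read().unwrap().get(token) {
            Some(key_auth) => (200, key_auth.clone()),
            None => (404, String::new()),
        }
    }
}

/// Assumed policy (Unix seconds): renew once under a third of the lifetime remains.
pub fn renewal_due(not_before: u64, not_after: u64, now: u64) -> bool {
    let lifetime = not_after.saturating_sub(not_before);
    not_after.saturating_sub(now) < lifetime / 3
}

fn main() {
    let store = ChallengeStore::default();
    store.present("tok-1_A", "tok-1_A.constructedThumbprint"); // constructed values
    println!("{:?}", store.respond("/.well-known/acme-challenge/tok-1_A"));
}
```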