pub struct Account<P: Persist> { /* private fields */ }
Expand description
Account with an ACME provider.
Accounts are created using Directory::account
and consist of a contact
email address and a private key for signing requests to the ACME API.
acme-lib uses elliptic curve P-256 for accessing the account. This does not affect which key algorithms that can be used for the issued certificates.
The advantage of using elliptic curve cryptography is that the signed requests against the ACME lib are kept small and that the public key can be derived from the private.
Implementations§
Source§impl<P: Persist> Account<P>
impl<P: Persist> Account<P>
Sourcepub fn acme_private_key_pem(&self) -> String
pub fn acme_private_key_pem(&self) -> String
Private key for this account.
The key is an elliptic curve private key.
Sourcepub fn certificate(&self, primary_name: &str) -> Result<Option<Certificate>>
pub fn certificate(&self, primary_name: &str) -> Result<Option<Certificate>>
Get an already issued and downloaded certificate.
Every time a certificate is downloaded, the certificate and corresponding private key are persisted. This method returns an already existing certificate from the local storage (no API calls involved).
This can form the basis for implemeting automatic renewal of certificates where the valid days left are running low.
Sourcepub fn new_order(
&self,
primary_name: &str,
alt_names: &[&str],
) -> Result<NewOrder<P>>
pub fn new_order( &self, primary_name: &str, alt_names: &[&str], ) -> Result<NewOrder<P>>
Create a new order to issue a certificate for this account.
Each order has a required primary_name
(which will be set as the certificates CN
)
and a variable number of alt_names
.
This library doesn’t constrain the number of alt_names
, but it is limited by the ACME
API provider. Let’s Encrypt sets a max of 100 names per certificate.
Every call creates a new order with the ACME API provider, even when the domain names supplied are exactly the same.
Sourcepub fn revoke_certificate(
&self,
cert: &Certificate,
reason: RevocationReason,
) -> Result<()>
pub fn revoke_certificate( &self, cert: &Certificate, reason: RevocationReason, ) -> Result<()>
Revoke a certificate for the reason given.
This calls the ACME API revoke endpoint, but does not affect the locally persisted
certs, the revoked certificate will still be available using certificate
.
Sourcepub fn api_account(&self) -> &ApiAccount
pub fn api_account(&self) -> &ApiAccount
Access the underlying JSON object for debugging.