pub struct Auth { /* private fields */ }
Expand description
An authorization (ownership proof) for a domain name.
Each authorization for an order much be progressed to a valid state before the ACME API will issue a certificate.
Authorizations may or may not be required depending on previous orders against the same ACME account. The ACME API decides if the authorization is needed.
Currently there are two ways of providing the authorization.
Implementations§
source§impl Auth
impl Auth
sourcepub fn domain_name(&self) -> &str
pub fn domain_name(&self) -> &str
Domain name for this authorization.
sourcepub fn need_challenge(&self) -> bool
pub fn need_challenge(&self) -> bool
Whether we actually need to do the authorization. This might not be needed if we have proven ownership of the domain recently in a previous order.
sourcepub fn http_challenge(&self) -> Option<Challenge<Http>>
pub fn http_challenge(&self) -> Option<Challenge<Http>>
Get the http challenge.
The http challenge must be placed so it is accessible under:
http://<domain-to-be-proven>/.well-known/acme-challenge/<token>
The challenge will be accessed over HTTP (not HTTPS), for obvious reasons.
use std::{fs::File, io::Write as _, time::Duration};
use acme::order::Auth;
async fn web_authorize(auth: &Auth) -> eyre::Result<()> {
let challenge = auth.http_challenge().unwrap();
// Assuming our web server's root is under /var/www
let path = {
let token = challenge.http_token();
format!("/var/www/.well-known/acme-challenge/{}", token)
};
let mut file = File::create(&path)?;
file.write_all(challenge.http_proof()?.as_bytes())?;
challenge.validate(Duration::from_millis(5000)).await?;
Ok(())
}
sourcepub fn dns_challenge(&self) -> Option<Challenge<Dns>>
pub fn dns_challenge(&self) -> Option<Challenge<Dns>>
Get the dns challenge.
The dns challenge is a TXT
record that must put created under:
_acme-challenge.<domain-to-be-proven>. TXT <proof>
The <proof>
contains the signed token proving this account update it.
use std::time::Duration;
use acme::order::Auth;
async fn dns_authorize(auth: &Auth) -> eyre::Result<()> {
let challenge = auth.dns_challenge().unwrap();
let record = format!("_acme-challenge.{}.", auth.domain_name());
// route_53_set_record(&record, "TXT", challenge.dns_proof());
challenge.validate(Duration::from_millis(5000)).await?;
Ok(())
}
The dns proof is not the same as the http proof.
sourcepub fn tls_alpn_challenge(&self) -> Option<Challenge<TlsAlpn>>
pub fn tls_alpn_challenge(&self) -> Option<Challenge<TlsAlpn>>
Returns the TLS ALPN challenge.
The TLS ALPN challenge is a certificate that must be served when a TLS connection is made with the ALPN protocol “acme-tls/1”. The certificate must contain a single dNSName SAN containing the domain being validated, as well as an ACME extension containing the SHA256 of the key authorization.
sourcepub fn api_auth(&self) -> &Authorization
pub fn api_auth(&self) -> &Authorization
Returns a reference to the authorization’s API object.
Useful for debugging.
We don’t refresh the authorization when the corresponding challenge is validated, so there will be no changes to see here.