Crate acme_rs

This crate provides the ability to create a new ACME certificate. It follows the implementation details specified in RFC 8555.

Features

  • In its current state, acme-rs only supports the HTTP challenge. Port 80 must not be blocked, because the tool opens an HTTP server on it in order to complete the challenge.
  • You have the option to generate your keypair for the certificate before executing the client.
  • By default, acme-rs will send the request to the URL https://acme-v02.api.letsencrypt.org/directory. However, you can manually change the ACME Server URL by using the --server flag. Just make sure you pass in the URL pointing to the directory information. The client then fetches all paths for further requests from the endpoint.

Usage

This crate currently exposes only a few methods. The main method, generate_cert_for_domain, runs the complete process of requesting an SSL/TLS certificate. It completes the following steps:

  • Create a new account for a specified email address.
  • Create a new order with that account for a certificate over the specified domain.
  • Fetch the list of available challenges from the order.
  • Complete the HTTP challenge by opening a webserver on port 80.
  • Download the certificate from the server and return it.

The method takes an RSA keypair, the domain, the email and the ACME server URL as input.

This method is also used by the binary CLI that ships with this crate. Usage instructions for the CLI and information about the project in general can be found here.
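
The HTTP challenge step listed above means something on port 80 answers the ACME server's validation request. The following sketch is an added example, not code from acme-rs: it shows a responder that serves the key authorization only for the exact pending token path defined in RFC 8555 section 8.3 and rejects everything else. The function names and sample values are hypothetical and constructed for illustration.

```rust
// Added illustration, not code from acme-rs; all names here are hypothetical.

/// RFC 8555 section 8.3: the http-01 resource lives under this fixed prefix.
const CHALLENGE_PREFIX: &str = "/.well-known/acme-challenge/";

/// Tokens may only use the base64url alphabet without padding (RFC 8555
/// section 8.3), so dots, slashes, '%' and '?' in the path are rejected.
fn is_valid_token(token: &str) -> bool {
    !token.is_empty()
        && token.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

fn status_only(code: u16, reason: &str) -> String {
    format!("HTTP/1.1 {} {}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n", code, reason)
}

/// Builds the HTTP response for one request line such as "GET /x HTTP/1.1".
/// Only an exact GET for the pending token returns the key authorization.
fn respond(request_line: &str, token: &str, key_auth: &str) -> String {
    let mut parts = request_line.split_whitespace();
    let method = parts.next().unwrap_or("");
    let path = parts.next().unwrap_or("");
    if method != "GET" {
        return status_only(405, "Method Not Allowed");
    }
    let requested = path.strip_prefix(CHALLENGE_PREFIX).unwrap_or("");
    if !is_valid_token(token) || requested != token {
        return status_only(404, "Not Found");
    }
    format!(
        "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\
         Content-Length: {}\r\nConnection: close\r\n\r\n{}",
        key_auth.len(),
        key_auth
    )
}

fn main() {
    // Constructed sample values; real ones come from the ACME exchange.
    let token = "constructedToken_0123-abc";
    let key_auth = format!("{}.{}", token, "constructedThumbprint");
    let good = format!("GET {}{} HTTP/1.1", CHALLENGE_PREFIX, token);
    println!("{:?}", respond(&good, token, &key_auth));
    println!("{:?}", respond("GET /index.html HTTP/1.1", token, &key_auth));
}
```

Keeping the responder this narrow matters because it is reachable from the internet on port 80 for as long as the challenge is pending.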

Example

use acme_rs::{generate_cert_for_domain, util::{generate_rsa_keypair, save_certificates, save_keypair}};

// create a keypair and request the certificate for it
let keypair = generate_rsa_keypair().expect("Error during key creation");
let cert_chain = generate_cert_for_domain(
    &keypair,
    "www.example.org",
    "https://acme-v02.api.letsencrypt.org/directory",
    "max@mustermann.de",
    false,
).expect("Error while requesting the certificate.");

// save the certificate in two files called my_cert.crt and cert_chain.crt
save_certificates(cert_chain).expect("Unable to save certificate");

Modules

error

The module which encapsulates the error enumeration and related code and types.

util

A module that contains utility methods used in the acme-rs context. This module heavily uses the serde_json and openssl libraries.

Functions

generate_cert_for_domain

Generates a certificate for a certain domain. This method contains the logic for communicating with the server in order to authenticate for the certificate. The keypair that’s passed to this method is used to sign the certificate signing request (CSR).