Crate certon

§Certon

Automatic HTTPS/TLS certificate management using the ACME protocol.

Certon provides production-grade automatic certificate management.

§Quick Start

use certon::Config;

#[tokio::main]
async fn main() -> certon::Result<()> {
    let domains = vec!["example.com".into()];
    let tls_config = certon::manage(&domains).await?;
    // Use tls_config with your server...
    Ok(())
}

§Architecture

  • Config is the central entry point that coordinates the certificate lifecycle (obtain, renew, revoke, cache).
  • AcmeIssuer and ZeroSslIssuer implement the CertIssuer trait to obtain certificates from ACME-compatible Certificate Authorities.
  • CertCache provides an in-memory certificate store indexed by domain name for fast TLS handshake lookups.
  • CertResolver implements rustls::server::ResolvesServerCert and plugs directly into a rustls::ServerConfig.
  • Storage is the persistence abstraction; FileStorage is the default filesystem-backed implementation.
  • start_maintenance runs background loops that renew certificates and refresh OCSP staples.
  • Manager is an external certificate provider trait for custom sources.
  • PreChecker validates domains before ACME issuance is attempted.
  • HttpsRedirectHandler redirects HTTP traffic to HTTPS.

Re-exports§

pub use account::prompt_user_agreement;
pub use account::prompt_user_for_email;
pub use acme_client::LETS_ENCRYPT_PRODUCTION;
pub use acme_client::LETS_ENCRYPT_STAGING;
pub use acme_client::RenewalInfo;
pub use acme_client::RenewalWindow;
pub use acme_client::ZEROSSL_PRODUCTION;
pub use acme_client::ari_cert_id;
pub use acme_issuer::AcmeIssuer;
pub use acme_issuer::AcmeIssuerBuilder;
pub use acme_issuer::CertIssuer;
pub use acme_issuer::IssuedCertificate;
pub use acme_issuer::Manager;
pub use acme_issuer::PreChecker;
pub use acme_issuer::Revoker;
pub use cache::CacheOptions;
pub use cache::CertCache;
pub use certificates::Certificate;
pub use config::CertificateSelector;
pub use config::Config;
pub use config::ConfigBuilder;
pub use config::IssuerPolicy;
pub use crypto::KeyType;
pub use crypto::PrivateKey;
pub use error::Error;
pub use error::Result;
pub use file_storage::FileStorage;
pub use handshake::CertResolver;
pub use handshake::OnDemandConfig;
pub use maintain::MaintenanceConfig;
pub use ocsp::OcspConfig;
pub use redirect::HttpsRedirectHandler;
pub use redirect::start_https_redirect;
pub use solvers::DistributedSolver;
pub use solvers::Dns01Solver;
pub use solvers::DnsProvider;
pub use solvers::Http01Solver;
pub use solvers::Solver;
pub use solvers::TlsAlpn01Solver;
pub use storage::CertificateResource;
pub use storage::KeyInfo;
pub use storage::Storage;
pub use storage::StorageKeys;
pub use zerossl_issuer::ZeroSslApiIssuer;
pub use zerossl_issuer::ZeroSslIssuer;

Modules§

account
ACME account management.
acme_client
Low-level ACME protocol client (RFC 8555).
acme_issuer
ACME certificate issuer — the main certificate acquisition orchestrator.
async_jobs
Async job queue with retry logic for ACME operations.
cache
In-memory certificate cache with domain name indexing.
certificates
Certificate wrapping, renewal logic, and subject validation.
config
Central configuration hub and certificate lifecycle management.
crypto
Cryptographic utilities for ACME certificate management.
dns_util
DNS utilities for ACME DNS-01 challenge solving.
error
Error types for the certon ACME certificate management library.
file_storage
File-system-based storage backend for certon.
handshake
TLS handshake certificate resolution.
http_handler
HTTP handlers for ACME HTTP-01 challenge responses.
maintain
Background certificate maintenance loops.
ocsp
OCSP (Online Certificate Status Protocol) stapling support.
rate_limiter
Rate limiting for ACME operations.
redirect
HTTP to HTTPS redirect handler.
solvers
ACME challenge solvers.
storage
Storage abstraction for certificate assets.
zerossl_issuer
ZeroSSL certificate issuers.

Functions§

install_default_crypto_provider
Install the default rustls CryptoProvider based on the enabled feature.
listen
Obtain/load certificates for domains and bind a TLS listener on addr.
manage
Manage certificates for the given domains using a default configuration.
manage_async
Asynchronous certificate management for the given domains.
manage_sync
Synchronous-style certificate management for the given domains.
start_maintenance
Start background certificate maintenance for a Config.
tls_config
Create a TLS configuration for the given domains.