ACME challenge solvers.
This module provides trait-based abstractions and concrete implementations for solving ACME challenges (HTTP-01, TLS-ALPN-01, DNS-01) as well as a distributed solver wrapper for clustered deployments.
§Challenge types
| Solver | Port | How it works |
|---|---|---|
| Http01Solver | 80 | Serves key_auth at /.well-known/acme-challenge/{token} |
| TlsAlpn01Solver | 443 | Presents a self-signed cert with the acmeIdentifier extension via acme-tls/1 ALPN |
| Dns01Solver | n/a | Creates a _acme-challenge TXT record via a DnsProvider |
§Distributed deployments
In a cluster, wrap any solver with DistributedSolver so that challenge
data is persisted to shared Storage. This
allows any cluster member to respond to the CA’s validation request, not
just the instance that initiated the certificate order.
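The pattern described above, as an added sketch that is not this crate's code: `Node`, `SharedStore`, `valid_token`, `present`, `respond` and `cleanup` are hypothetical names, and an in-process `HashMap` stands in for the shared Storage. It also shows the token check a responder should apply before using a request path as a storage key.

```rust
use std::collections::HashMap;
use std::sync::{Arc, Mutex};

// Hypothetical stand-in for shared Storage (assumption: a key/value store
// that every cluster member can reach).
type SharedStore = Arc<Mutex<HashMap<String, String>>>;
const PREFIX: &str = "/.well-known/acme-challenge/";

// RFC 8555 restricts tokens to the base64url alphabet; reject anything else
// before it becomes a storage key. The 128-byte cap is an arbitrary choice.
fn valid_token(t: &str) -> bool {
    !t.is_empty() && t.len() <= 128
        && t.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
}

// Hypothetical cluster member; `name` only labels the instance in errors.
struct Node { name: &'static str, store: SharedStore }

impl Node {
    // Runs on the instance that initiated the certificate order.
    fn present(&self, token: &str, key_auth: &str) -> Result<(), String> {
        if !valid_token(token) {
            return Err(format!("{}: rejected token", self.name));
        }
        self.store.lock().unwrap().insert(token.to_string(), key_auth.to_string());
        Ok(())
    }
    // Runs on whichever instance receives the CA's validation request.
    fn respond(&self, path: &str) -> Option<String> {
        let token = path.strip_prefix(PREFIX)?;
        if !valid_token(token) { return None; }
        self.store.lock().unwrap().get(token).cloned()
    }
    // Remove challenge data once validation has finished.
    fn cleanup(&self, token: &str) { self.store.lock().unwrap().remove(token); }
}

fn main() {
    let store: SharedStore = Arc::new(Mutex::new(HashMap::new()));
    let a = Node { name: "a", store: store.clone() };
    let b = Node { name: "b", store };
    // Constructed sample token and key authorization.
    a.present("tok_EXAMPLE-123", "tok_EXAMPLE-123.thumbprintEXAMPLE").unwrap();
    println!("{:?}", b.respond("/.well-known/acme-challenge/tok_EXAMPLE-123"));
    a.cleanup("tok_EXAMPLE-123");
    println!("{:?}", b.respond("/.well-known/acme-challenge/tok_EXAMPLE-123"));
}
```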
Structs§
- DistributedSolver - Wraps any Solver for clustered / distributed deployments.
- Dns01Solver - Solves ACME DNS-01 challenges by creating a TXT record via a DnsProvider implementation and optionally waiting for propagation.
- Http01Solver - Solves ACME HTTP-01 challenges by serving the key authorization string at GET /.well-known/acme-challenge/{token} on a simple HTTP server.
- TlsAlpn01Solver - Solves ACME TLS-ALPN-01 challenges by presenting a self-signed certificate with the acmeIdentifier extension during the TLS handshake, negotiated via the acme-tls/1 ALPN protocol (RFC 8737).
Traits§
- DnsProvider - Abstraction over a DNS provider that can create and delete TXT records.
- Solver - An ACME challenge solver.
Functions§
- get_active_challenge - Look up the key authorization for an active challenge by its identifier.