Easy to use Let's Encrypt compatible Automatic Certificate Management Environment (ACME)
client library.
Spec is available in https://tools.ietf.org/html/draft-ietf-acme-acme
Examples
Signing certificate for example.org:
# use self::acme_client::AcmeClient;
AcmeClient::new()
.and_then(|ac| ac.set_domain("example.org"))
.and_then(|ac| ac.register_account(Some("contact@example.org")))
.and_then(|ac| ac.identify_domain())
.and_then(|ac| ac.save_http_challenge_into("/var/www"))
.and_then(|ac| ac.simple_http_validation())
.and_then(|ac| ac.sign_certificate())
.and_then(|ac| ac.save_domain_private_key("domain.key"))
.and_then(|ac| ac.save_signed_certificate("domain.crt"));
Using your own keys and CSR to sign certificate:
# use self::acme_client::AcmeClient;
AcmeClient::new()
.and_then(|ac| ac.set_domain("example.org"))
.and_then(|ac| ac.load_user_key("user.key"))
.and_then(|ac| ac.load_domain_key("domain.key"))
.and_then(|ac| ac.load_csr("domain.csr"))
.and_then(|ac| ac.register_account(Some("contact@example.org")))
.and_then(|ac| ac.identify_domain())
.and_then(|ac| ac.save_http_challenge_into("/var/www"))
.and_then(|ac| ac.simple_http_validation())
.and_then(|ac| ac.sign_certificate())
.and_then(|ac| ac.save_domain_private_key("domain.key"))
.and_then(|ac| ac.save_signed_certificate("domain.crt"));
Or you can use this library to generate keys and CSR, and use it later:
# use self::acme_client::AcmeClient;
AcmeClient::new()
.and_then(|ac| ac.set_domain("example.org"))
.and_then(|ac| ac.gen_user_key())
.and_then(|ac| ac.gen_domain_key())
.and_then(|ac| ac.gen_csr())
.and_then(|ac| ac.save_user_public_key("user.pub"))
.and_then(|ac| ac.save_user_private_key("user.pub"))
.and_then(|ac| ac.save_domain_public_key("domain.pub"))
.and_then(|ac| ac.save_domain_private_key("domain.key"))
.and_then(|ac| ac.save_csr("domain.csr"));
Revoking signed certificate:
# use self::acme_client::AcmeClient;
AcmeClient::new()
.and_then(|ac| ac.load_user_key("tests/user.key"))
.and_then(|ac| ac.load_certificate("domain.crt"))
.and_then(|ac| ac.revoke_signed_certificate());