acme-micro
acme-micro is a fork of acme-lib and allows accessing ACME (Automatic Certificate Management Environment) services such as Let's Encrypt.
Uses ACME v2 to issue/renew certificates.
Example
use ;
use create_p384_key;
Domain ownership
Most website TLS certificates tries to prove ownership/control over the domain they are issued for. For ACME, this means proving you control either a web server answering HTTP requests to the domain, or the DNS server answering name lookups against the domain.
To use this library, there are points in the flow where you would need to modify either the web server or DNS server before progressing to get the certificate.
See http_challenge
and dns_challenge
.
Multiple domains
When creating a new order, it's possible to provide multiple alt-names that will also
be part of the certificate. The ACME API requires you to prove ownership of each such
domain. See authorizations
.
Rate limits
The ACME API provider Let's Encrypt uses rate limits to ensure the API i not being
abused. It might be tempting to put the delay_millis
really low in some of this
libraries' polling calls, but balance this against the real risk of having access
cut off.
Use staging for dev!
Especially take care to use the Let`s Encrypt staging environment for development where the rate limits are more relaxed.
See DirectoryUrl::LetsEncryptStaging
.
Implementation details
The library tries to pull in as few dependencies as possible. (For now) that means using synchronous I/O and blocking cals. This doesn't rule out a futures based version later.
It is written by following the ACME draft spec 18, and relies heavily on the openssl crate to make JWK/JWT and sign requests to the API.
License: MIT